Tag: lockbit
-
Operation Cronos Leader Gets Nod From King Charles
Gavin Webb from the National Crime Agency receives the OBE award from King Charles for his strategic role in Operation Cronos, disrupting the LockBit ransomware group. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/operation-cronos-leader-gets-nod-from-king-charles/
-
LockBit 5.0 Unveils Advanced Encryption and Enhanced Anti-Analysis Techniques
LockBit has solidified its position as the most prolific ransomware-as-a-service (RaaS) operation globally, accounting for approximately 21% of all documented ransomware attacks in 2023, following its dominance of 30.25% during the 2021-2022 period. The emergence of LockBit 5.0 represents a significant escalation in technical sophistication, introducing enhanced encryption methodologies and anti-analysis mechanisms that fundamentally complicate…
-
Inside 2025’s Top Threat Groups: Why Familiar Actors Still Have the Upper Hand
New research reveals how ransomware groups like LockBit and Black Basta exploit visibility gaps, leaving security teams struggling to keep pace. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/inside-2025s-top-threat-groups-why-familiar-actors-still-have-the-upper-hand/
-
LockBit takedown architect gets New Year award from King Charles
Tags: lockbitGavin Webb orchestrated Operation Cronos as it pulled off the legendary disruption sting First seen on theregister.com Jump to article: www.theregister.com/2026/01/02/nca_new_year_honours/
-
Mapping the Emerging Alliance Between Qilin, DragonForce, and LockBit
In mid-September 2025, the ransomware landscape witnessed a significant development when DragonForce announced an alliance with Qilin and LockBit on a Russian underground forum. The announcement, posted on September 15, 2025, claimed the three groups were joining forces to navigate an increasingly challenging criminal ecosystem marked by intensified law enforcement pressure and operational fragmentation. A…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Ransomware Victim Warning: The Streisand Effect May Apply
Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media Coverage. Bad news for any organization that’s ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid…
-
Ransomware Victim Warning: The Streisand Effect May Apply
Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media Coverage. Bad news for any organization that’s ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid…
-
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fincen-says-ransomware-gangs-extorted-over-21b-from-2022-to-2024/
-
LockBit 5.0 Infrastructure Exposed as Hackers Leak Critical Server Data
Tags: cyber, cybercrime, cybersecurity, data, data-breach, group, hacker, infrastructure, leak, lockbit, ransomwareSecurity researchers have uncovered critical infrastructure details for the notorious LockBit 5.0 ransomware operation, including the IP address 205.185.116.233 and the domain karma0.xyz, which hosts the group’s latest leak site. The discovery represents a significant operational security failure for the cybercriminal organization. Cybersecurity researcher Rakesh Krishnan first publicized the findings on December 5, 2025, identifying…
-
Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops
US, Australia and UK sanctioned 2 Russian bulletproof hosting providers accused of aiding groups like LockBit, BlackSuit and Play. US, Australia and UK sanctioned two Russian bulletproof hosting providers accused of aiding groups like LockBit, BlackSuit and Play. Coordinated sanctions hit Russia-based provider Media Land, its leaders, and sister firms for supplying bulletproof hosting that…
-
US, UK, Australia sanction Lockbit gang’s hosting provider
‘Bulletproof’ hosts partly dodged the last attack of this sort First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/russian_bph_medialand_sanctioned/
-
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups. First seen on hackread.com Jump to article: hackread.com/uk-bulletproof-hosting-operator-lockbit-evil-corp/
-
US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks
The newly imposed sanctions target Russian-based web host Media Land, which officials say are linked to LockBit and BlackSuit ransomware attacks. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/19/us-uk-and-australia-sanction-russian-bulletproof-web-host-used-in-ransomware-attacks/
-
US, Allies Sanction Russian Bulletproof Ransomware Host
Treasury Links Russian Bulletproof Host Network to Prolific Ransomware Operations. The U.S., U.K. and Australia sanctioned Russian bulletproof host Media Land for supporting major ransomware gangs like LockBit and Play, a move paired with new global guidance urging internet service providers to tighten access controls and disrupt cybercrime infrastructure. First seen on govinfosecurity.com Jump to…
-
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways:85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure.14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns.LockBit’s reappearance with First seen on thehackernews.com Jump to article: thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
-
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways:85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure.14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns.LockBit’s reappearance with First seen on thehackernews.com Jump to article: thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
-
Kommentare zum Bericht zur Lage der IT-Sicherheit 2025 des BSI
Der Bericht zur Lage der IT-Sicherheit 2025 des BSI sendet ein unmissverständliches Signal: Die Lage in Deutschland bleibt auf einem angespannten Niveau. Trotz operativer Erfolge, wie der Zerschlagung der Lockbit-Gruppe, gibt es keine Entwarnung. Das BSI benennt hierfür einen zentralen Hauptverursacher: die ‘unzureichend geschützten Angriffsflächen”. Befeuert wird diese wachsende Verwundbarkeit durch eine Flut von durchschnittlich…
-
Cybersecurity Experten äußern sich zum BSI-Lagebericht 2025
Die Lage in Deutschland bleibt auf einem angespannten Niveau. Trotz operativer Erfolge, wie der Zerschlagung der LockBit-Gruppe, gibt es keine Entwarnung. Das BSI benennt hierfür einen zentralen Hauptverursacher: die ‘unzureichend geschützten Angriffsflächen”. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cybersecurity-experten-aeussern-sich-zum-bsi-lagebericht-2025/a42765/
-
Öffentliche Verwaltung im Visier von Cyberspionen
Tags: access, alphv, bsi, cyberattack, cybercrime, encryption, germany, governance, government, infrastructure, lockbit, microsoft, open-source, phishing, qr, service, vulnerabilityLaut BSI haben es Cyberspione aktuell besonders auf die öffentliche Verwaltung abgesehen.Cyberspione haben es in Deutschland derzeit besonders auf die öffentliche Verwaltung abgesehen. Das geht aus dem aktuellen Lagebericht des Bundesamtes für Sicherheit in der Informationstechnik (BSI) hervor. Eine nennenswerte Anzahl von Geschädigten gab es demnach auch in den Sektoren Verteidigung, Rechtspflege, öffentliche Sicherheit und…
-
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
-
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
-
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
-
LockBit 5.0 expands targeting amid ransomware escalation
The LockBit RaaS operation is back in action, with technical features and expanded targeting, and is contributing to a steadily growing number of ransomware attacks First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633551/LockBit-50-expands-targeting-amid-ransomware-escalation
-
Risiken bei der Wiederherstellung nach Ransomware-Angriffen
Tags: alphv, authentication, backup, ceo, ciso, crowdstrike, cyber, cyberattack, DSGVO, encryption, extortion, incident response, infrastructure, insurance, lockbit, mfa, ransomware, resilience, risk, risk-management, service, tool, updateDie Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten.Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben.Die Ergebnisse zeigen, dass Ransomware nach wie vor…
-
Risiken bei der Wiederherstellung nach Ransomware-Angriffen
Tags: alphv, authentication, backup, ceo, ciso, crowdstrike, cyber, cyberattack, DSGVO, encryption, extortion, incident response, infrastructure, insurance, lockbit, mfa, ransomware, resilience, risk, risk-management, service, tool, updateDie Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten.Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben.Die Ergebnisse zeigen, dass Ransomware nach wie vor…
-
âš¡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Security, trust, and stability, once the pillars of our digital world, are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior.Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than…
-
New LockBit Ransomware Victims Identified by Security Researchers
Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-lockbit-ransomware-victims/
-
LockBit 5.0 Targets Windows, Linux, and ESXi Systems in Ongoing Attacks
After months of disruption following Operation Cronos in early 2024, the notorious LockBit ransomware group has resurfaced with renewed vigor and a formidable new arsenal. In September 2025 alone, researchers identified a dozen organizations targeted by the revived operation. Particularly alarming is the rapid adoption of the new LockBit 5.0 variant, which accounted for half…