The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.

The LockBit ransomware gang is rebooting operations on new infrastructure post-law enforcement server hack, threatening increased attacks on government entities. They admitted to negligence in updating PHP, which led to the breach, and are now enhancing security measures. The gang’s data leak site has relocated to a new .onion domain, listing five victims. LockBit’s PHP servers were compromised due to outdated software, specifically via CVE-2023-3824. Post-Operation Cronos, over 1,000 decryption keys were seized by authorities; LockBit is shifting to manual decryptor releases and multi-server hosting for affiliate panels to minimize hack risks.