A recent announcement from an individual claiming affiliation with the LockBit ransomware gang signals a potential resurgence of the cyber criminal group’s activities, with a new phase supposedly launching in February 2025.
Despite the significant disruption caused by the National Crime Agency’s (NCA) Operation Cronos in early 2024, which dismantled much of LockBit’s infrastructure, the gang appears determined to re-establish itself.
Screenshots from dark web forums circulating on social media reveal a promotional message for “LockBit 4.0,” inviting recruits to join their operations with promises of wealth and luxury. A countdown timer points to a launch date of 3 February 2025, though the links in the post are currently inactive.
What Does LockBit 4.0 Mean?
While details of LockBit 4.0 remain unclear, Robert Fitzsimons, lead threat intelligence engineer at Searchlight Cyber, notes that LockBit has undergone multiple iterations in the past. The ransomware gang seems motivated to shake off the brand damage inflicted by Operation Cronos, which resulted in its LockBit 3.0 leak site being hijacked and defaced by law enforcement.
Although LockBit’s activity has decreased since the operation, the group’s announcement highlights its efforts to attract new affiliates and resume operations. Employees and organisations must remain vigilant, as history shows that such groups are highly resilient, often finding ways to recover and continue their campaigns despite setbacks.
Law Enforcement Pursues Key Figures
The LockBit announcement follows news of the United States’ extradition request for Rostislav Panev, an alleged LockBit software developer. Panev, arrested in Israel earlier this year, is accused of creating mechanisms enabling the gang to print ransom notes on compromised systems. An extradition hearing is scheduled for January 2025.
Additionally, law enforcement has targeted other high-profile members of LockBit, including its alleged leader, Dmitry Khoroshev (aka LockBitSupp), and affiliate Aleksandr Ryzhenkov (aka Beverley). Despite these efforts, key figures remain at large, and the group’s apparent ability to regroup underscores the ongoing threat they pose.
What Neuways Recommend
While the specifics of LockBit 4.0’s capabilities are unknown, the potential for increased ransomware activity in early 2025 is clear. We urge employees and businesses to remain alert and adopt robust anti-ransomware measures:
- Regular Backups: Ensure critical data is securely backed up and stored offline.
- Employee Awareness: Watch out for phishing attempts and unusual requests, especially from unknown sources.
- Patch Management: Keep systems and software updated to mitigate vulnerabilities.
- Multi-Factor Authentication (MFA): Use strong, phish-resistant MFA solutions like YubiKeys to protect accounts.
- Incident Response Plan: Have a clear, rehearsed plan to respond swiftly to potential ransomware attacks.
Stay Vigilant
Cyber criminals thrive on complacency. With the LockBit ransomware gang’s possible resurgence in February 2025, now is the time to double down on cyber hygiene and awareness. By staying informed and prepared, we can collectively reduce the impact of these threats and protect critical systems and data.