www.malwarebytes.com
Open in
urlscan Pro
192.0.66.233
Public Scan
Submitted URL: https://www.malwarebytes.com/blog/cybercrime/2024/02/lockbit-the-worlds-worst-ransomware-is-down
Effective URL: https://www.malwarebytes.com/blog/news/2024/02/lockbit-the-worlds-worst-ransomware-is-down
Submission: On February 20 via api from TR — Scanned from DE
Effective URL: https://www.malwarebytes.com/blog/news/2024/02/lockbit-the-worlds-worst-ransomware-is-down
Submission: On February 20 via api from TR — Scanned from DE
Form analysis 4 forms found in the DOM
GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/blog/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/blog/">
<div class="labs-sub-nav__searchbar-wrap">
<input class="labs-sub-nav__search-input" type="text" name="s" placeholder="Search Labs">
<button class="labs-sub-nav__search-button" id="cta-labs-rightrail-search-submit-en" aria-label="Search in Malwarebytes">
<svg xmlns="http://www.w3.org/2000/svg" width="35px" height="35px" viewBox="0 0 24 24" fill="none">
<g clip-path="url(#clip0_15_152)">
<rect width="24" height="24" fill="none"></rect>
<circle cx="10.5" cy="10.5" r="6.5" stroke="#0d3ecc" stroke-linejoin="round"></circle>
<path d="M19.6464 20.3536C19.8417 20.5488 20.1583 20.5488 20.3536 20.3536C20.5488 20.1583 20.5488 19.8417 20.3536 19.6464L19.6464 20.3536ZM20.3536 19.6464L15.3536 14.6464L14.6464 15.3536L19.6464 20.3536L20.3536 19.6464Z" fill="#0d3ecc">
</path>
</g>
<defs>
<clipPath id="clip0_15_152">
<rect width="24" height="24" fill="#0d3ecc"></rect>
</clipPath>
</defs>
</svg>
</button>
</div>
</form>https://www.malwarebytes.com/newsletter/
<form action="https://www.malwarebytes.com/newsletter/" class="newsletter-form">
<div class="newsletter-form__inline">
<label>Email Address</label>
<input type="email" name="email" id="cta-footer-newsletter-input-email-en" placeholder="Email Address" required="" class="newsletter-form__email">
<input type="hidden" class="newsletter-form__pageurl" value="https://www.malwarebytes.com/blog/news/2024/02/lockbit-the-worlds-worst-ransomware-is-down">
<input name="source" type="hidden" value="">
<input type="submit" value="Sign Up" class="newsletter-form__btn" id="cta-footer-newsletter-subscribe-email-en">
</div>
<div class="newsletter-form__validate hidden">
<span></span>
</div>
</form>Text Content
Skip to content
Search
Search Malwarebytes.com
Search for:
* Contact Us
* Personal Support
* Business Support
* Talk to Sales
* Contact Press
* Partner Programs
* Submit Vulnerability
* Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
* Personal
< Personal
Products
* Malwarebytes Premium >
* Malwarebytes Privacy VPN >
* Malwarebytes Identity Theft Protection >
* Malwarebytes Browser Guard >
* Malwarebytes for Teams/small offices >
* AdwCleaner for Windows >
--------------------------------------------------------------------------------
Find the right product
See our plans
Infected already?
Clean your device now
Solutions
* Free antivirus >
* Free virus scan & removal >
* Windows antivirus >
* Mac antivirus >
* Android antivirus >
* iOS security >
* Chromebook antivirus >
See personal pricing
Manage your subscription
Visit our support page
* Business
< Business
BUNDLES
* Core
* Prevent and remediate threats and identify vulnerabilities
* Advanced
* Utilize threat guidance and patch management plus everything in Core
* Elite
* Deploy Managed Detection and Response plus everything in Advanced
* Ultimate
* Protect against categories of malicious websites plus everything in Elite
TECHNOLOGY HIGHLIGHTS
* Managed Detection & Response (MDR)
* Deploy fully-managed threat monitoring, investigation, and remediation
* Endpoint Detection & Response (EDR)
* Prevent more attacks with security that catches what others miss
* Security Advisor
* Visualize and optimize your security posture in just minutes
* For Education
* Secure your students and institution against cyberattacks
Learn more about Security Advisor (available in every bundle) and see the
full list of our products and services.
Full technology list >
* Pricing
< Pricing
Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing
Explore our award-winning endpoint security products, from EP to EDR to MDR
* Partners
< Partners
Explore Partnerships
Partner Solutions
* Resellers
* Managed Service Providers
* Computer Repair
* Technology Partners
* Affiliate Partners
Contact Us
* Resources
< Resources
Learn About Cybersecurity
* Antivirus
* Malware
* Ransomware
Malwarebytes Labs – Blog
* Glossary
* Threat Center
Business Resources
* Reviews
* Analyst Reports
* Case Studies
Press & News
Reports
The State of Malware 2023 Report
Read report
* Support
< Support
Technical Support
* Personal Support
* Business Support
* Premium Services
* Forums
* Vulnerability Disclosure
* Report a False Positive
Featured Content
* Activate Malwarebytes Privacy on Windows device.
See Content
Product Videos
Free Download
* Contact Us
* < Contact Us
* Personal Support
* Business Support
* Talk to Sales
* Contact Press
* Partner Programs
* Submit Vulnerability
* Company
* < Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* < Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
Search Search
Search Malwarebytes.com
Search for:
SUBSCRIBE rss
Cybercrime | News | Ransomware
LOCKBIT, THE WORLD’S WORST RANSOMWARE, IS DOWN
Posted: February 19, 2024 by Mark Stockley
For the last two years the absolute worst, most prolific, most globally
significant “big game” ransomware gang has been LockBit.
This evening its position as ransomware’s biggest beast is suddenly in doubt,
following some non-consensual website redecoration at the hands of the UK’s
National Crime Agency (NCA).
The LockBit data leak site has a new look
The LockBit dark web site usually hosts the names and data of organisations that
refused to pay ransoms. That’s been replaced by a message from the NCA, saying:
> This site is now under the control of The National Crime Agency of the UK,
> working in close cooperation with the FBI and the international law
> enforcement task force, ‘Operation Cronos’.
Repleat with the flags and badges of the countries and agencies involved, the
new look site promises there is more to come. “We can confirm that Lockbit’s
services have been disrupted as a result of International Law Enforcement action
– this is an ongoing and developing operation. Return here for more information
at: 11:30 GMT on Tuesday 20th Feb.
Since the demise of Conti in 2022, LockBit has been unchallenged as the most
prolific ransomware group in the world. In the last 12 months it has racked up
more than two and half times as many known attacks as ALPHV, its closest rival.
Top 5 ransomware gangs by known attacks, February 2023 – January 2024
At this stage we have no idea how serious the damage to LockBit is, and law
enforcement is only claiming that the group has been “disrupted”. However, even
if that disruption isn’t fatal, it will doubtless raise serious questions among
LockBit’s criminal associates.
LockBit sells ransomware-as-a-service (RaaS) to “affiliates”, criminal gangs who
use the service to carry out ransomware attacks. Even if LockBit can rebuild its
infrastructure elsewhere those affiliates now have every reason to question its
credibility.
The takedown comes just two months after LockBit’s biggest rival, ALPHV, also
suffered a serious mauling at the hands of international law enforcement, before
staggering back to its feet.
HOW TO AVOID RANSOMWARE
* Block common forms of entry. Create a plan for patching vulnerabilities in
internet-facing systems quickly; and disable or harden remote access like RDP
and VPNs.
* Prevent intrusions. Stop threats early before they can even infiltrate or
infect your endpoints. Use endpoint security software that can prevent
exploits and malware used to deliver ransomware.
* Detect intrusions. Make it harder for intruders to operate inside your
organization by segmenting networks and assigning access rights prudently.
Use EDR or MDR to detect unusual activity before an attack occurs.
* Stop malicious encryption. Deploy Endpoint Detection and Response software
like ThreatDown EDR that uses multiple different detection techniques to
identify ransomware, and ransomware rollback to restore damaged system files.
* Create offsite, offline backups. Keep backups offsite and offline, beyond the
reach of attackers. Test them regularly to make sure you can restore
essential business functions swiftly.
* Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the
first attack, you must remove every trace of the attackers, their malware,
their tools, and their methods of entry, to avoid being attacked again.
You can learn more about the threat of big game ransomware like LockBit and
ALPHV in our 2024 State of Malware report.
READ THE REPORT
SHARE THIS ARTICLE
RELATED ARTICLES
News
A WEEK IN SECURITY (FEBRUARY 12 – FEBRUARY 18)
February 18, 2024 - A list of topics we covered in the week of February 12 to
February 18 of 2024
CONTINUE READING 0 Comments
Android | News | Personal
GOLDPICKAXE TROJAN STEALS YOUR FACE!
February 16, 2024 - A group of cybercriminals is committing bank fraud by
convincing victims to scan their IDs and faces.
CONTINUE READING 0 Comments
Exploits and vulnerabilities | News
MICROSOFT EXCHANGE VULNERABILITY ACTIVELY EXPLOITED
February 16, 2024 - One of Microsoft's Patch Tuesday fixes has flipped from
"Likely to be Exploited" to “Exploitation Detected”.
CONTINUE READING 0 Comments
News | Privacy
FACEBOOK MARKETPLACE USERS’ STOLEN DATA OFFERED FOR SALE
February 15, 2024 - Personal data belonging to 200,000 Facebook Marketplace
users has been published online, including email addresses and phone numbers.
CONTINUE READING 3 Comments
Cybercrime | Ransomware | Threats
HOW RANSOMWARE CHANGED IN 2023
February 14, 2024 - In 2023, the CL0P ransomware gang broke the scalability
barrier and shook the security world with a series of short, automated
campaigns.
CONTINUE READING 0 Comments
ABOUT THE AUTHOR
Mark Stockley
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
FOR PERSONAL
* Windows Antivirus
* Mac Antivirus
* Android Antivirus
* Free Antivirus
* VPN App (All Devices)
* Malwarebytes for iOS
* SEE ALL
COMPANY
* About Us
* Contact Us
* Careers
* News and Press
* Blog
* Scholarship
* Forums
FOR BUSINESS
* Small Businesses
* Mid-size business
* Larger Enterprise
* Endpoint Protection
* Endpoint Detection & Response
* Managed Detection and Response (MDR)
FOR PARTNERS
* Managed Service Provider (MSP) Program
* Resellers
MY ACCOUNT
Sign In
SOLUTIONS
* Rootkit Scanner
* Trojan Scanner
* Virus Scanner
* Spyware Scanner
* Password Generator
* Anti Ransomware Protection
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
3979 Freedom Circle
12th Floor
Santa Clara, CA 95054
LEARN
* Malware
* Hacking
* Phishing
* Ransomware
* Computer Virus
* Antivirus
* What is VPN?
* Twitter
* Facebook
* LinkedIn
* Youtube
* Instagram
CYBERSECURITY INFO YOU CAN’T LIVE WITHOUT
Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.
Email Address
English
* Legal
* Privacy
* Accessibility
* Vulnerability Disclosure
* Terms of Service
© 2024 All Rights Reserved
Select your language
* English
* Deutsch
* Español
* Français
* Italiano
* Português (Portugal)
* Português (Brasil)
* Nederlands
* Polski
* Pусский
* 日本語
* Svenska
This site uses cookies in order to enhance site navigation, analyze site usage
and marketing efforts. Please see our privacy policy for more information.
Privacy Policy
Cookies Settings Decline All Accept All Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
Privacy Policy
Allow All
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE AND FUNCTIONALITY
Performance and Functionality
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
ANALYTICS
Analytics
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
ADVERTISING
Advertising
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Decline All Confirm My Choices