The hacker group Lockbit, known for its extortion attacks, suffered a major blow as the British authorities conducted the Kronos operation, leading to the liquidation of their infrastructure. This dealt a significant blow to the group, which had been a major player in the cybercrime field for some time.
Lockbit has faced a series of challenges over the past year, including internal disputes, leaks of tools, inconsistent attacks, deceit of victims, and competitors using leaked tools for malicious operations. These events have eroded confidence in Lockbit among affiliates and victims, hindering the group’s expansion and disrupting their previous rapid pace of attacks.
Despite the dismantling of LockBit’s infrastructure and successful arrests of former members by law enforcement, devoted dark hackers within the group are already working on developing new malicious software to help them bounce back and regain their position in the cybercrime world.
Recently, researchers from Trend Micro discovered a new software from Lockbit, dubbed Lockbit-NG-DEV. This software could be the foundation for the next version of Lockbit’s malware, potentially Lockbit 4.0. The new version is built on .NET and compiled with Corert, making it more versatile and less tied to specific platforms, indicating the group’s intention to expand their attack capabilities.
Unlike earlier versions, Lockbit-NG-Dev lacks self-propagation features seen in previous implementations, suggesting the group’s focus on better control over the spread of their malware and avoiding unwanted attention from security agencies. The new version also includes mechanisms for more refined attack setups, allowing affiliates to efficiently manage victim encryption and ransom negotiations.
With significant improvements in the new software and efforts to address previous shortcomings, LockBit stands a chance at regaining its position in the cybercrime market. However, the group’s ability to restore its reputation and navigate law enforcement scrutiny while effectively working with affiliates will ultimately determine their future success in the cybercrime landscape.