LockBit ransomware gang teases February 2025 return

After being targeted by the National Crime Agency (NCA) coordinated Operation Cronos in February 2024, an individual or group associated with the LockBit ransomware gang has emerged to announce the upcoming release of a new locker malware, LockBit 4.0.

Screenshots from the dark web have surfaced on social media, showing the cyber criminal inviting interested parties to join their “pentester billionaire journey” with promises of supercars and women. As of now, the links provided do not lead anywhere, but a countdown timer indicates a launch date of 3 February 2025.

Robert Fitzsimons, lead threat intelligence engineer at Searchlight Cyber, expressed uncertainty about what LockBit 4.0 will entail. It is unclear if the gang is launching a new leak site or making changes to their ransomware.

Fitzsimons noted that LockBit has undergone several iterations, with the current version being LockBit 3.0. The motivation behind the update could be to re-establish credibility following the setbacks caused by Operation Cronos earlier in the year.

Despite a decline in LockBit’s activities post-Operation Cronos, the recent announcement indicates their efforts to attract affiliates and continue operations.

The timing of the announcement coincides with reports of the US government seeking the extradition of an alleged LockBit operative, Rotislav Panev, from Israel to face charges of wire fraud and cybercrime.

Panev, a software developer for LockBit, is accused of creating mechanisms used for printing ransom notes on compromised systems. His lawyer asserts Panev’s innocence, claiming he was not involved in any fraudulent activities.

An extradition hearing for Panev is scheduled for January 2025, with ongoing efforts to bring him to trial.