LockBit Bounces Back: Cybercriminals Defy Law Enforcement with Dark Web Comeback and Fresh Victim List!

LockBit’s back, and they’re not PHP-ing around! Despite law enforcement’s cyber-siege, this ransomware rascal’s dark web comeback is complete with fresh victims and a side of Trump intrigue. But will their new ‘no freebies’ policy decrypt their way to infamy or an epic fail? Stay tuned!

Hot Take:

Oh, the resilience of the LockBit ransomware crew! Like a bad penny or that one relative who never gets the hint to leave the party, they’ve bounced back on the dark web with the cyber equivalent of “You can’t touch this.” Meanwhile, the SugarLocker gang is experiencing a rather bitter aftertaste with some Russian hospitality – behind bars. Ransomware escapades: the gift that keeps on giving (headaches to law enforcement and everyone else).

Key Points:

  • LockBit ransomware’s comeback tour is happening on a new .onion address, now with a dozen fresh victims to boast about.
  • The “oh-so-cautious” LockBit boss blames a PHP vulnerability for their recent cyber woes but admits to a bit of laziness in updating their servers.
  • These LockBit folks have a bone to pick with the FBI, accusing them of “hacking” their systems and tarnishing their affiliate program’s stellar reputation (if “stellar” ever applied to ransomware gangs).
  • Over in Russia, it’s not all vodka and caviar for the SugarLocker squad as three members get snagged by the law, revealing their not-so-sweet connection to a legit IT firm façade.
  • The SugarLocker arrest includes a chap with three aliases and a suspected hand in the notorious Medibank hack, proving that cybercriminals can run, but they can’t hide… forever.

Title: Buffer overflow and overread in phar_dir_read()
CVE ID: CVE-2023-3824
CVE state: PUBLISHED
CVE assigner short name: php
CVE date updated: 08/11/2023
CVE description: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially resulting in memory corruption or RCE.
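Since the whole LockBit saga hinges on an unpatched PHP, here is a small added check (not from the original post or from PHP itself) that decides whether a version string, or the first line of `php -v` output, falls inside the vulnerable ranges listed in the CVE record above; branches the record does not name are reported as not listed rather than as safe.

```python
import re

# Fixed releases per branch, exactly as stated in the CVE-2023-3824 record above:
# 8.0.* before 8.0.30, 8.1.* before 8.1.22, 8.2.* before 8.2.8 are affected.
FIXED_IN = {
    (8, 0): (8, 0, 30),
    (8, 1): (8, 1, 22),
    (8, 2): (8, 2, 8),
}


def parse_version(text: str) -> tuple:
    """Pull major.minor.patch out of a bare version string or a `php -v` banner.

    `php -v` prints e.g. "PHP 8.2.7 (cli) (built: ...)"; the first x.y.z token
    in that line is the interpreter version.
    """
    match = re.search(r"\b(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def affected_by_cve_2023_3824(version: str) -> bool:
    """True if the version is inside one of the affected ranges from the advisory.

    Returns False both for patched releases on a listed branch and for branches
    the advisory does not mention at all (7.4, 8.3, ...), so a False result means
    "not in the listed ranges", not "audited as safe".
    """
    major, minor, patch = parse_version(version)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return False  # branch not named in the CVE record
    return (major, minor, patch) < fixed


def listed_branch(version: str) -> bool:
    """True if the version's branch (major.minor) appears in the advisory."""
    major, minor, _ = parse_version(version)
    return (major, minor) in FIXED_IN


if __name__ == "__main__":
    # Constructed sample banner in the `php -v` format, not captured from a real host.
    banner = "PHP 8.2.7 (cli) (built: Jun  6 2023 12:00:00) (NTS)"
    print(banner, "->", "affected" if affected_by_cve_2023_3824(banner) else "not affected")
```

Point it at the output of `php -v` on the hosts you manage; any `True` means the advisory's fixed release for that branch has not been applied.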

Need to know more?

LockBit: The Updating Conundrum

Amidst a backdrop of international cops playing digital whack-a-mole, the LockBit admin candidly shared their oopsie-daisy moment of not updating PHP, opening the door to law enforcement's bear hug. It's a classic tale of "should've updated, didn't update, got caught." They're now editing code by the flickering light of their Tor browser, promising to up their cyber game because, you know, pride.

LockBit's Laundry List

Not only are the LockBit folks miffed at the FBI for allegedly hacking back (turnabout is fair play?), but they also claim the seized documents are juicier than a prime-time soap opera, filled with Trump's legal battles and election intrigue. The LockBit leader's call to arms against the .gov domain is like the supervillain monologue that everyone secretly enjoys.

Affiliate Alias Anonymity

The ransomware ringleader wants the world to know that their affiliates' nicknames are secure. Because, clearly, what's most important in the shady world of ransomware is making sure everyone knows you've got the best username security practices while you encrypt other people's data for a living.

When Sugar Turns Sour

Meanwhile, the SugarLocker group's sweet ride came to a sour end as Russian law enforcement served up a cold dish of justice to three members. They apparently moonlighted as a legit IT firm, proving that the line between tech support and cyber extortion is thinner than your grandmother's patience when the Wi-Fi goes down.

Blade Runner or Blade Caught?

One of the SugarLocker trio, Ermakov, a man of many aliases, seems to have had his final run-in with the law. Notably fingered in the Medibank hack, he's now facing the music – and not the kind you can dance to. This arrest is a reminder that no matter how many pseudonyms you use, you can't escape the long arm of cyber law (or the short arm, or any arm really).

Blackouts and Cyber Attacks

As if all this wasn't enough drama for one day, a Russian national's facing the music for leaving 38 settlements in the dark, literally. It's like someone took the concept of 'turn it off and on again' a bit too far, and now they're about to get their own switch flipped – to the 'guilty' position.

So there you have it, folks. The cyber world spins on, with its villains and heroes locked in an endless dance of attack and defend, hack and backtrack. It's like watching a never-ending tennis match, except every serve could potentially shut down a hospital or leak your spicy texts. Grab your popcorn, but maybe keep an antivirus on standby.

Tags: CVE-2023-3824, FBI cyber operations, international cybersecurity sanctions, LockBit Ransomware, Ransomware-as-a-Service (RaaS), SugarLocker arrests, Tor network