Infamous ransomware group Lockbit might return as the cybercrime group’s leaders tease a new version in development. Lockbit has struggled to stay relevant since being taken down by multiple law enforcement agencies in a joint operation in February 2024.
LockBitSupp, the persona used by the group’s admins, posted a message on its website announcing five new TOR sites, one Clearnet website, and a release date — February 3, 2025. According to Infosecurity Magazine, the following message was also posted (censored from the original post):
“Want a Lamborghini, Ferrari and lots of t***y girls? Sing up and start your pentester billionaire journey in 5 minutes with us.”
Outside of the release date and the fact that the upcoming release will be the fourth version of the infamous ransomware. Vx-Underground, a group of cybersecurity researchers claim LockBitSupp has given them free access to the upcoming program. Zscaler ThreatLabz has also reportedly added Lockbit 4.0 ransom notes to their ransomware notes repository.
Operation Cronos, the joint effort that took down Lockbit, caused major damage to the group’s digital infrastructure. It resulted in four arrests, nine seized servers, and sanctions against the group’s affiliates. Despite these efforts, Lockbit remained one of the most active threat actors in May and June 2024, only dropping out of the top 10 list in October and November.
The first LockBit version was released in January 2020, known as the “ABCD” ransomware. 2021 saw two LockBit releases, the primary LockBit 2.0 release in June and a LockBit Linux version released in October to target Linux and VMware ESXi systems. LockBit 3.0 was released in March 2022 but was shortly leaked by its developer. The current version, LockBit Green, was released in January 2023 and was reportedly a rebranded version of a Conti encryptor.
In LockBit’s 2024 absence, a few copycats have also emerged. In October 2024, a LockBit clone targeting macOS devices and another copy exploiting AWS to target both Windows and macOS devices were discovered.
Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.
You can contact him here: yadullahabidi@pm.me.