The recent takedown of the notorious ransomware group LockBit has turned out to be quite a short-lived victory, as the cybercriminal gang has recently resurfaced. It seems like LockBit came back with a vengeance, as not only a week after their takedown, they returned with multiple cyber attacks!


How did LockBit return so quickly?!

While their primary servers were compromised, backup blogs lacking PHP remained unaffected. This allowed the group to continue their spree of cyber attacks.

Despite this setback, the UK’s National Crime Agency (NCA), remains resolute. Recognizing the group’s potential to regroup and rebuild, the NCA emphasizes the ongoing efforts to target and disrupt their operations.

LockBit’s retaliation was evident in its renewed focus on targeting government agencies and critical infrastructure. Reports emerged of attacks on healthcare facilities, including the notable breach of Ernest Health, a network of hospitals across the United States.

The group’s actions highlight the urgent need for vigilance among businesses and organizations.

Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry Cybersecurity, views the takedown of LockBit as a positive step forward.

However, he warns against complacency, noting the resurgence of the group’s servers and the potential for other threat actors to fill the void left by their absence. With a significant increase in novel malware attacks, particularly targeting healthcare and critical infrastructure, the threat landscape remains dynamic and ever-evolving.


The Cyber Attacks

Not only did LockBit return, but they came back swinging, launching several cyber attacks in the process. Specifically, Ernest Health- a chain of hospitals across the US.- was targeted, as well as the FBI themselves. You can find the proof from nowhere else but LockBit’s website. Although, you might need a different browser to find it!

After the attacks, LockBit released a public statement about the crackdown from the FBI and NCA, highlighting several interesting points.

Firstly, LockBit’s take on the crackdown that left them temporarily offline, was due to the sensitive information they held over the FBI. The information is question is rumoured to relate to Donald Trump’s Georgia Election Case.

Additionally, the cyber criminal gang also announced that they were left offline temporarily from the crackdown, mostly because of their own compliance. However, LockBit has also made it very clear that they are not to be taken lightly, even stating to the FBI directly, “You can’t stop me”.



The fight against ransomware demands a multifaceted approach. Businesses must remain vigilant always. This includes monitoring for unauthorized changes and maintaining real-time visibility into network activity.

By investing in robust cyber security measures, we can mitigate risks and safeguard against future attacks. In the ongoing battle against ransomware, resilience and vigilance are the keys to success.

We hope you’ve liked this blog and that you’ll stick around to see our future releases. We cover everything from recent IT News to Knowledgebase articles. Thanks for reading!