The LockBit ransomware group will soon launch a comeback with the planned release of LockBit 4.0 in February 2025, Cyble dark web researchers reported in a note to clients today.
The launch of LockBit 4.0 will come almost a year after a global law enforcement action disrupted its operations and led to the recovery of nearly 7,000 decryption keys. RansomHub has since emerged as the most active ransomware group.
The Cyble note to clients included an image of LockBit’s announcement, edited to remove profanity:
“Want a lamborghini, ferrari and lots of … girls?” the group’s announcement said. “Sign up and start your pentester billionaire journey in 5 minutes with us.”
Can LockBit Make a Comeback?
It remains to be seen if LockBit can successfully mount a comeback after being hit by significant takedowns, arrests and the release of decryption keys.
It has been more than two years since the release of LockBit 3.0, and as LockBit was said to be developing the 4.0 version at the time of the law enforcement actions, significant changes likely would have been required if law enforcement obtained access to any source code.
Cyble researchers noted that “it is uncertain whether LockBit will regain traction, as the group has faced declining credibility amidst competition from other RaaS groups, such as RansomHub, which currently dominate the ransomware landscape.”
The official release of the LockBit 4.0 Ransomware-as-a-Service (RaaS) program is set for February 3, 2025, Cyble noted, and the group included keys for accessing their dark leak site (DLS).
LockBit 4.0 Will Join Growing RaaS Services
The RaaS model has become increasingly popular with ransomware groups, selling tools, playbooks and infrastructure in exchange for a share of the profits.
And with LockBit competing against versions of its own ransomware built on leaked source code, the group appears to face significant hurdles in staging a comeback.
Threat researchers will also be watching to see if LockBit changes its targets or regions to avoid attracting international law enforcement attention. A 2022 attack on the Toronto Hospital for Sick Children was particularly ill-advised, and led to an apology from LockBit along with a free decryptor.
