{"id":55485,"date":"2024-03-04T03:15:10","date_gmt":"2024-03-04T03:15:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/"},"modified":"2024-03-04T03:15:10","modified_gmt":"2024-03-04T03:15:10","slug":"lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/","title":{"rendered":"LockBit&#8217;s contested claim of fresh ransom payment suggests it&#8217;s been well hobbled"},"content":{"rendered":"<p><span class=\"label\">Infosec in brief<\/span> The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing, the gang might have suffered more than it&#8217;s letting on.<\/p>\n<p>While there have been <a href=\"https:\/\/www.theregister.com\/2024\/02\/23\/lockbit_extorted_billions_of_dollars\/\">plenty<\/a> <a href=\"https:\/\/www.theregister.com\/2024\/02\/21\/lockbit_leaks\/\">of<\/a> <a href=\"https:\/\/www.theregister.com\/2024\/02\/22\/ukrainian_police_arrest_father_and\/\">revelations<\/a> \u2013 and <a href=\"https:\/\/www.theregister.com\/2024\/02\/23\/lockbit_identity_reveal\/\">disappointments<\/a> \u2013 since law enforcement seized LockBit&#8217;s website and <a href=\"https:\/\/www.theregister.com\/2024\/02\/20\/lockbit_down_operation_cronos\/\">disrupted its operations<\/a> on February 20, the gang has done anything but vanish.<\/p>\n<p>LockBit quickly set up a new website and updated it with a list of forthcoming victim ransom deadlines \u2013 one of which included <a href=\"https:\/\/www.theregister.com\/2024\/02\/26\/lockbit_back_in_action\/\">data allegedly stolen from Fulton County, Georgia<\/a>. Among that data, LockBit claimed, was information about former president Donald Trump&#8217;s ongoing court cases in the county, which LockBit claimed could have affected the 2024 presidential election.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>But the February 29 deadline for Fulton County to pay the ransom came and went <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/02\/29\/stolen-donald-trump-court-files-will-be-published-february-29-hackers-say\/\" rel=\"nofollow\">without<\/a> any data being published. LockBit <a href=\"https:\/\/www.fox5atlanta.com\/news\/fulton-county-cyberattack-deadline-lockbit-ransom-demand\" rel=\"nofollow\">claimed<\/a> Fulton County paid the ransom to prevent data being exposed, but Fulton County officials <a href=\"https:\/\/www.fox5atlanta.com\/news\/fulton-county-cyberattack-lockbit-ransom-passes\" rel=\"nofollow\">protested<\/a> they did no such thing \u2013 nor did they use an intermediary to pay the group.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Brett Callow, threat analyst with Emsisoft, <a href=\"https:\/\/krebsonsecurity.com\/2024\/02\/fulton-county-security-experts-call-lockbits-bluff\/#more-66580\" rel=\"nofollow\">suggested that<\/a> rather than the ransom getting paid, it&#8217;s more likely whatever data LockBit may have had on Fulton County or Donald Trump was seized by law enforcement earlier this month.<\/p>\n<p>&#8220;I think it was a case of them trying to convince their affiliates that they were still in good shape,&#8221; Callow told Krebs on Security.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Whether LockBit is just trying to save face and is effectively disabled remains to be seen, but Callow seems to believe that&#8217;s the case.<\/p>\n<p>&#8220;This is about trying to still affiliates&#8217; nerves, and saying, &#8216;All is well, we weren&#8217;t as badly compromised as law enforcement suggested,'&#8221; Callow opined. &#8220;But I think you&#8217;d have to be a fool to work with an organization that has been so thoroughly hacked as LockBit has.&#8221;<\/p>\n<div class=\"boxout\" readability=\"10.56062767475\">\n<h3 class=\"crosshead\">Critical vulnerabilities of the week<\/h3>\n<p>Not much to report in terms of CVEs with a CVSS rating of 8.0 or higher this week \u2013 just a couple of vulnerabilities in Cisco&#8217;s NX-OS datacenter operating system.<\/p>\n<ul>\n<li>CVSS 8.6 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ipv6-mpls-dos-R9ycXkwM\" rel=\"nofollow\">CVE-2024-20267<\/a>: NX-OS is improperly handling MPLS traffic, which could allow an unauthenticated remote attacker to cause the netstack process to restart, leading to affected devices not processing network traffic.<\/li>\n<li>CVSS 8.6 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-nxos-ebgp-dos-L3QCwVJ\" rel=\"nofollow\">CVE-2024-20321<\/a>: NX-OS&#8217;s eBGP implementation is mapping traffic to a shared hardware rate-limiter queue, which means an attacker could cause DoS by bombarding a vulnerable device with traffic.<\/li>\n<\/ul>\n<p>Patches are available for both issues, so get those installed ASAP.<\/p>\n<\/div>\n<h3 class=\"crosshead\">Ivanti vuln mitigations might not work, warns CISA<\/h3>\n<p>All those Ivanti vulnerabilities under active exploit might be harder to detect and mitigate than what Ivanti has led its customers to believe, according to CISA and its partner agencies.<\/p>\n<p>In a cyber security advisory published on February 29th, CISA <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-060b\" rel=\"nofollow\">explained<\/a> that Ivanti&#8217;s Integrity Checker Tool (ICT) released publicly in response to the vulnerabilities <a href=\"https:\/\/www.theregister.com\/2024\/02\/09\/ivanti_discloses_fifth_ics_vulnerability\/\">reported<\/a> early last month may not only fail to detect compromise, but a factory reset might not eliminate root-level persistence gained by an attacker.<\/p>\n<p>Ivanti, meanwhile, told us that it wants customers to be aware that the CISA notice didn&#8217;t include any new vulnerabilities, and that it&#8217;s not aware of any instances of a threat actor gaining persistence following installation of security updates and a factory reset.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Ivanti recommends that customers follow patching guidance and run the ICT. CISA, on the other hand, says Ivanti users should consider its latest warning &#8220;when determining whether to continue operating these devices.&#8221;<\/p>\n<h3 class=\"crosshead\">The next SolarWinds incident could start in the cloud<\/h3>\n<p>The <a href=\"https:\/\/www.theregister.com\/2021\/01\/19\/fireeye_solarwinds_code\/\">devastating<\/a> compromise of <a href=\"https:\/\/www.theregister.com\/2020\/12\/15\/solar_winds_update\/\">SolarWinds software<\/a> in late 2020 led to widespread compromise of affected networks when attackers were able to steal certificates from locally installed ADFS servers and use them to forge SAML tokens. Security researchers are now warning that a similar attack is possible \u2013 even against companies using identity providers located in the cloud.<\/p>\n<p>The vulnerability, <a href=\"https:\/\/www.semperis.com\/blog\/meet-silver-saml\/\" rel=\"nofollow\">dubbed<\/a> Silver SAML by researchers from Semperis, can allow an attacker to forge SAML tokens without any access to ADFS at all. The key to this attack is the use of externally generated SAML signing certificates \u2013 like the type used by <a href=\"https:\/\/www.theregister.com\/2023\/07\/17\/enra_azure_ad_opinion_column\/\">Microsoft Entra ID<\/a> and other such services.<\/p>\n<p>Semperis is not aware of any attacks using the newly reported technique, but warns that any organization relying on externally generated certificates is vulnerable. Unfortunately, the only way to protect against such an attack is to protect your certs, lest a future attacker make use of such a method to devastating effect.<\/p>\n<p>&#8220;Silver SAML attacks have the potential to be mild \u2013 or devastating,&#8221; Semperis researchers wrote in their report. &#8220;We encourage organizations to take decisive steps now to close gaps and vulnerabilities in these environments.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/03\/04\/in_brief\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn&#8217;t need ADFS, and crit vulns Infosec in brief\u00a0 The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing, the gang might have suffered more than it&#8217;s letting on.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-55485","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LockBit&#039;s contested claim of fresh ransom payment suggests it&#039;s been well hobbled 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LockBit&#039;s contested claim of fresh ransom payment suggests it&#039;s been well hobbled 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-04T03:15:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"LockBit&#8217;s contested claim of fresh ransom payment suggests it&#8217;s been well hobbled\",\"datePublished\":\"2024-03-04T03:15:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/\"},\"wordCount\":802,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/\",\"name\":\"LockBit's contested claim of fresh ransom payment suggests it's been well hobbled 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-03-04T03:15:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LockBit&#8217;s contested claim of fresh ransom payment suggests it&#8217;s been well hobbled\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LockBit's contested claim of fresh ransom payment suggests it's been well hobbled 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/","og_locale":"en_US","og_type":"article","og_title":"LockBit's contested claim of fresh ransom payment suggests it's been well hobbled 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-03-04T03:15:10+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"LockBit&#8217;s contested claim of fresh ransom payment suggests it&#8217;s been well hobbled","datePublished":"2024-03-04T03:15:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/"},"wordCount":802,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/","url":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/","name":"LockBit's contested claim of fresh ransom payment suggests it's been well hobbled 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-03-04T03:15:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZeV0ea1qwDVgeyH1b6ggSQAAARQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/lockbits-contested-claim-of-fresh-ransom-payment-suggests-its-been-well-hobbled\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"LockBit&#8217;s contested claim of fresh ransom payment suggests it&#8217;s been well hobbled"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55485"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55485\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}