LockBit malware group still at large, now using Citrix Bleed tactics

The malware group behind the LockBit ransomware has enhanced its exploitations of the CitrixBleed vulnerability. Despite warnings and government-ordered fixes, over 3,000 devices, mainly in North America and Europe, remain affected. The group recently imposed new negotiation rules on affiliates, outlining a tiered, percentage-based system for ransom costs based on victim’s revenue. Its constantly evolving negotiation tactics and methods are part of an ongoing rebranding effort.