The LockBit ransomware operators launched a new leak site over the weekend, claiming they restored their infrastructure following a law enforcement takedown and invited affiliates to re-join the operation.

On February 19, LockBit was severely disrupted by law enforcement in North America, Europe, and Asia, which seized 34 servers, took over the group’s Tor-based leak sites, froze cryptocurrency accounts, and harvested technical information on the RaaS.