In February 2024, the US Department of Justice (DOJ), together with the UK’s National Crime Agency (NCA) and other international law enforcement partners, announced that they had disrupted the notorious LockBit ransomware group.
LockBit is a cybercriminal group that provides ransomware as a service (RaaS). The group has targeted over 2,000 victims worldwide and has received more than US$120 million in ransom payments.
The international joint operation was able to seize numerous public-facing websites that were used by LockBit to connect to their infrastructure. By seizing control of the servers used by LockBit’s administrators, the joint operation was able to disrupt LockBit’s ability to attack and encrypt networks, as well as extort victims by threatening to publish or destroy stolen data.
Why is LockBit Ransomware So Dangerous?
LockBit Ransomware encrypts the files on a victim’s computer, rendering the files inaccessible. The cybercriminals then demand a ransom payment in cryptocurrency in order to decrypt the files. Should the victim fail to pay the ransom, the cybercriminals may threaten to delete the files or leak them to the public.
LockBit Ransomware operates on a subscription-based service model, and subscribers have access to the tools and admin portals that are needed to deploy attack chains. Once an initial host has been compromised, the ransomware identifies and connects to other vulnerable hosts. This spreads the infection using a script without any human intervention.
Fortunately, the joint operation was able to obtain keys from the seized LockBit infrastructure. These keys could help victims decrypt their compromised systems and regain access to their stolen data.
LockBit’s Take Down Might Be Temporary
While the international joint operation’s take down of LockBit has dealt a significant blow to the group’s ability to launch cyberattacks and extort their victims, there are signs that the group is already on the rebound.
It’s unclear if all of the infrastructure was captured and dormant affiliates may pose a threat. The group may attempt to resurrect under a different name or through affiliates who weren’t impacted by the take down. There is also evidence that a backup site with all of the leaked information has been made available and some reports suggest that the group has reassured its affiliates about the soundness of its core operations.
“Even the bad guys have business continuity in place,” notes Stuart Sanders, Velocity’s Chief Technology Officer. “The resilience of cybercriminal groups like LockBit makes it abundantly clear that businesses need to have a robust business continuity and risk management plan in place to bolster their cybersecurity. Failure to make these strategic investments could render organisations vulnerable to cyberattacks initiated by threat actors.”
Businesses that want to shield themselves from the latest cybersecurity threats should consider investing in Velocity’s Managed Cybersecurity Services and Solutions. Whether you’re just embarking on your business journey, scaling up your operations, or striving to meet the most stringent compliance and regulatory requirements in your industry, Velocity offers tailored cybersecurity services and training to fortify your business.
To learn more, consider getting in touch for a free consultation.
