The global law enforcement effort led by the UK and US to disrupt LockBit ransomware operations is positive news for cyber defenders and for organizations that are still suffering the impacts of LockBit infections. The law enforcement effort resulted in compromising and disrupting a significant portion of the infrastructure used by LockBit and their affiliates to conduct encryption and data leak operations. Two individuals alleged to be members of the LockBit group were arrested, which typically results in longer-term disruption and in more information about the inner workings of the criminal operation becoming known over time.
Perhaps most importantly to current victim organizations, the fact that decryption keys were recovered and released by law enforcement will bring immediate relief to those who are attempting to recover their data that was encrypted by LockBit. Additionally, freezing over 200 cryptocurrency accounts linked to LockBit activities will restrict the actors’ ability to access their money, further hampering their operations, and the U.S. Treasury sanctions may impact organizations’ decisions on whether to pay future ransomware demands.
However, it’s too early to say for certain what the impact on the broader landscape will be. It’s worth noting that disruptions to cybercrime operations, while providing resources for victims and imposing significant costs on adversaries, don’t fully eradicate the problem. For example, the August 2023 disruption of the Qbot botnet did not stop the activities of one of the most prominent distributors of this malware (TA577), who shifted to different malware to continue their initial access activities. We currently see Initial Access Brokers (IABs) — actors whose activity can lead to ransomware — showing increasing experimentation, flexibility, creativity, and sophistication in their attack chains.
This includes improved social engineering, unusual file types, CVE exploitation, chained scripting files, and much more. IAB and ransomware actors are also leaning into 0-day and n-day vulnerabilities, developing new and aggressive social engineering techniques, and using publicly available hacking tools to gain access to organizations.
Any significant disruption to large-scale cybercriminal activities is something to celebrate. But the fight against cybercrime that costs millions of dollars per year continues.