
Global law enforcement was recently revealed to have disrupted the ransomware group LockBit and killed the viability of its long-term malware plans. It happened with the aid of Trend Micro's undercover infiltration and threat intelligence.
The news came out less than a week ago that global law enforcement disrupted LockBit, a major ransomware crime gang. The American National Crime Agency (NCA) is now in control of LockBit's administrative portals.
Alongside the coordinated effort among law enforcement agencies, it has come to light that cybersecurity provider Trend Micro played a critical role. Trend Micro had infiltrated the LockBit group and was able both to prevent the group from releasing its next suite of malware products and to protect all Trend Micro customers from these threats even before the group had finished testing its new tools.
Further, Trend Micro's collaboration and threat intelligence sharing with the Federal Bureau of Investigation (FBI) and NCA directly assisted the investigation and successful disruption. LockBit was responsible for about 25% of all ransomware leaks in 2023, causing billions of dollars in losses for thousands of global victims over the past years.
Trend Micro cybercrime researcher Robert McArdle said, “we are honoured that our threat intelligence is uniquely valuable to global law enforcement in the shared mission to make the world safer.”
Trend Micro has also recently secured global Microsoft users from a critical vulnerability.
McArdle says insiders aren't so naive as to think the crime group is completely eliminated, but with its infiltration now public knowledge, “we know that no sane criminal would want to be involved with this group again.”
Details from behind the scenes are unfolding and include cryptocurrency seizures, arrests, indictments, sanctions and additional technical support for victims. The operation took over LockBit’s leak site, disclosing information and personal identities of group members and details of their previous work. These actions essentially make the group unwelcome and untrusted in the cybercrime world—and therefore unviable as an underground business.
Ransomware is one of the most serious cyber threats facing organisations today, known for disrupting schools, hospitals, governments, and businesses and imperilling critical national infrastructure. It does all of this while lining the pockets of a few small cybercrime groups: last year, victims paid over $1 billion to these groups and their affiliates, a record figure.
This work ultimately supported the following outcomes:
- Trend's delivery of protection in advance against LockBit-NG-Dev for its customers.
- The neutralisation of a potentially prolific strain of ransomware, preventing its use in future enterprises these actors may look to run.
- A law enforcement operation that will hopefully see the end of LockBit as we know it and set a new benchmark for international collaboration across law enforcement and private partners.
While LockBit was, without doubt, the largest and most impactful ransomware operation globally, this disruption makes it very clear that all criminal affiliates should strongly reconsider any involvement with the group in the future, and that by partnering with this organisation, these associates have put themselves at increased risk of law enforcement action.
More technical detail is available in Trend Micro's analysis of the next version of the LockBit ransomware.