SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Trend Micro dismantles major ransomware group LockBit
Wed, 28th Feb 2024

Global cybersecurity company, Trend Micro, has disclosed its crucial role in the disbandment of major ransomware group, LockBit, which bore the responsibility for approximately 25% of all ransomware leaks in 2023, totalling billions of dollars in losses.

In an international operation characterised by collaboration with agencies such as the Federal Bureau of Investigation (FBI) and National Crime Agency (NCA), Trend Micro successfully stymied the release of LockBit's new malware. This move has essentially rendered the group unviable as an underground business entity, and saw protective measures for Trend Micro users installed even before the malware had been fully tested by its creators.

Robert McArdle, a prominent figure within Trend Micro’s cybercrime research team, stated, "We are honoured that our threat intelligence is uniquely valuable to global law enforcement in the shared mission to make the world safer." The magnitude of LockBit's influence is underscored by the fact that it is responsible for billions of dollars worth of losses, experienced by thousands of victims globally over a period of four years.

McArdle further added, "Last week Trend secured global Microsoft users from a critical vulnerability and this week we were a part of dethroning the most critical threat actor group in the world. Now, insiders aren’t naive enough to assume this will eliminate the crime group, but we know that no sane criminal would want to be involved with this group again."

This operation has also unveiled pivotal information such as cryptocurrency seizure, arrests and indictments, as well as imposed sanctions and additional technical support for victims. The method included a takeover of LockBit’s leak site, unveiling personal identities of group members and details of their previous works. Such measures have consequently led the group to lose trust and become unwelcome in the domain of cybercrime, making them an unviable business underground.

Ransomware is recognised as one of the most prominent cyber threats currently facing organisational infrastructures. It is notorious for disrupting schools, hospitals, and governments, while it simultaneously fills the coffers of a small number of cybercrime groups. Over the previous year, victims' payments to such groups exceeded $1 billion, a record-breaking figure.

The work carried out in this operation has led to multiple outcomes, including delivering advanced protection against LockBit-NG-Dev to Trend's clients, neutralising a potentially prolific strain of ransomware, and setting a fresh precedent for international co-operation across law enforcement and private partners. The investigation further yielded revelations that will likely lead to the demise of LockBit's operation as it currently stands.

The discrediting of LockBit, formerly the largest and most impactful ransomware operation globally, signals a warning to potential cybercriminal affiliates to reevaluate their involvement with threat actor groups. It's clear that association with such organisations places such individuals at an increased risk of law enforcement action.