
Disrupted during Operation Cronos, the gang is responsible for a quarter of ransomware attacks in the world

Trend Micro, a global cybersecurity solutions company, released a report with comprehensive findings from the Threat Intelligence sector following the dismantling of the LockBit group. The unprecedented international action, known as Operation Cronos, impacted the criminal corporation responsible for a quarter of ransomware attacks worldwide. 

The global operation against LockBit represents a significant step forward in the fight against cybercrime and was different from many police actions against criminal groups. This is because it dealt a decisive blow to this important threat actor in a way that paralyzed its infrastructure, undermined its financial resources and exposed affiliates, breaking their trust within the illicit networks themselves. 

“We strongly support law enforcement agencies’ disruptive international cooperation work against Lockbit and are pleased with our ability to provide support in anticipation of the criminal group’s future plans. As we dissected the consequences of its downfall, we were able to strengthen the defense of our global customer base, producing tangible results,” highlighted Robert McArdle, Cybercrime Research team leader at Trend Micro. 

The operation tarnished LockBit's reputation within its network and within the cybercrime community in general, rendering its attempts at regrouping null and void. “Lockbitsupp,” the alleged leader of the ransomware group, was also banned from two popular underground forums: XSS and Exploit. 

The group has been trying to rebuild, with new Onion leak sites launched a week after the raid, and “Lockbitsupp” is actively looking for brokers that sell access to the top-level domains (TLDs) .gov, .edu and .org, which appears to be a reprisal action for Operation Cronos. But it appears that these attempts have not been successful.

Trend telemetry reveals specific cases of attacks since the interruption of LockBit's activities. Although dozens of victims have been posted on the new LockBit leak site, the vast majority have been re-uploaded from previous campaigns or are victims of other threat groups such as ALPHV.

The group has also been developing a new version of the ransomware, LockBit-NG-Dev, which Trend has been closely monitoring while providing advanced protections to customers.

The international operation that put an end to LockBit activity as we know it, and of which Trend Micro was part, involved a coalition of law enforcement agencies from the United States, Great Britain, France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland and Germany, in addition to the collaboration of private partners.

Click here to read the report details: “Revealing the consequences: the impact of Operation Cronos on LockBit following the historic milestone of its interruption”.
