The UK has partnered with the US to launch an online operation against Lockbit, the world’s largest criminal ransomware group. This recent operation shows just how important fighting cybercrime is becoming for governments worldwide.
According to the BBC, The National Crime Agency (NCA) successfully infiltrated Lockbit’s systems, seizing a vast amount of data.
This operation, involving partners like the FBI and Europol, is a real victory against the cyber-criminal community.
Want to protect yourself against cyberattacks? Check out the latest VPN offers here.
Who Are Lockbit?
Lockbit, believed to be based in Russia, has been identified as one of the world’s most active ransomware groups.
It operates by selling ransomware services to other criminals, allowing them to lock companies out of their systems until a ransom is paid.
Since its inception in 2019, Lockbit has targeted companies such as Royal Mail, Industrial & Commercial Bank of China, and Boeing, causing huge disruptions.
How Did Law Enforcement Target Lockbit?
The operation against Lockbit was planned carefully, with law enforcement agencies gathering data before making a public announcement.
By gaining access to Lockbit’s systems, they have not only taken control of the group’s dark web site but also been able to get better insights into the real scale of Lockbit’s operations.
To show that they had been successful in their operation, the takedown was publicly announced through a message on Lockbit’s website, which now shows the logos relating to the law enforcement agencies involved.
The NCA has said they aim to use the data that they found on the site to shut down the group’s operations.
Could Lockbit Come Back?
Despite the success of the operation, cyber-criminal groups have been known to adapt and return.
However, the nature of this intervention, coupled with the very public exposure, could mean that the group won’t come back.
The operation shows just how important it is for the global cybersecurity community to come together and collaborate, and should also be a warning to businesses and consumers to protect themselves from Cyberattacks in any way possible.
How Can I Protect Myself Against Cyberattacks?
There are a number of techniques that can be used against cyberattacks. Many of these are quick and easy to implement – and could make the world of difference.
1. Use Strong, Unique Passwords
Using complex passwords that are unique for each account is very important for securing your sites online.
Use a mix of letters, numbers, and special characters, and consider using a password manager to keep track of your passwords securely.
2. Enable Multi-Factor Authentication (MFA)
MFA adds an extra layer of security by asking for two or more verification methods to get access to your online accounts. This could include something you know (a password), something you have (a mobile phone, an app), or something you are (biometric).
The more authentification levels you have, the less likely you are to be successfully targeted.
3. Keep Software Up To Date
Cyber attackers often use gaps in outdated software to gain access to accounts.
Regularly updating your devices means you are more likely to have the latest security and protections against new types of cyber threats.
4. Use A Virtual Private Network (VPN)
A VPN encrypts your internet connection, hiding your IP address and protecting your online activities being tracked.
This is especially important when using public Wi-Fi networks, which are less secure and more likely to be hacked. The best part of VPNs is that they aren’t even that expensive.
For example, CyberGhost’s latest deal is just $2.03 per month. Want to try it out? Click below!
If you wanted an alternative option, Private Internet Access offers the same deal, simply click below!
5. Educate Yourself
Be vigilant about emails or messages that ask for personal information or ask you to click on a link. Learn how to see signs of phishing attempts, such as poor spelling and grammar, requests for personal information, and suspicious email addresses, to avoid falling for these scams.
What The Experts Have To Say:
We spoke to some cybersecurity experts to find out more about what the news means. Here’s what they had to say:
Jamie Akthar, Co-Founder and CEO at CyberSmart
“This has to go down as a major victory. That US and UK law enforcement have disrupted and potentially permanently compromised the world’s most harmful cybercrime group is a huge achievement and one that could have spared millions of future victims.
“However, if we know anything about cybercriminals, it’s that those groups who remain at large are likely to study this closely and evolve. What makes cybercrime so pernicious is its hydra-like ability for more groups to spring up each time one is taken out. As such, we expect them to redouble their efforts following this setback.
“Despite this, this story should serve as a welcome morale boost for anyone involved in the battle against cybercrime. It proves that even the most sophisticated cybercriminals can be beaten and stopped.”
Victor Acin, Head of Threat Intel Research, Outpost24
“According to this latest news, it appears that law enforcement has managed to only take down the Data Leak site thus far. Although this might have affected the affiliate infrastructure of Lockbit, meaning affiliates have no place to upload the data they encrypt, or to negotiate with the clients, I believe it will be easy to reproduce if the members of Lockbit haven’t been arrested.
“As Lockbit is one of the most prolific ransomware gangs and therefore most likely one of the biggest breadwinners out there; a takedown such as this will not stop them.”
Dirk Schrader, Field CISO EMEA and VP of Security Research at Netwrix
“This operation to take down Lockbit appears to have incorporated some lessons learned from past operations. The operation penetrated deep into the network behind Lockbit and tried to uproot much if not all the elements in the Lockbit supply chain, as the notes left for crooks logging in to the platform indicate. That approach increases the chances that Lockbit will not resurface again, unlike other ransomware platforms recently, like Trickbot and ALPHV. Only time can tell whether this will be true.
“Although it is good news that the crypto money has been seized and two individuals have been arrested, it’s not a sign that we should lower our defenses. There are still other gangs out there, there is still a lot of inconsistency between countries related to cybercrime, and there is still money in the game. In fact, according to this report, successful cyberattacks resulted in unplanned expenses for 40% of respondents. So, companies should not scale down their efforts to protect their data, identities, and infrastructure. Heed the advice that an ounce of prevention is better than a pound of cure. Make sure that you have your accounts protected using MFA, that privileges are reduced to the minimum needed to do the job and exist only just-in-time, that your systems are hardened, and your vital data is secured. We will see whether Lockbit remains out of business, but for sure others are ready to fill the void.”
Richard Cassidy, EMEA CISO, Rubrik
“Undoubtedly, the news of Lockbit’s disruption is a welcome development on the ransomware battlefield, however, the war is far from over. Whilst operations for Lockbit will have been affected for a to-be-determined period, we should not underestimate their adaptability. These groups have consistently shown a remarkable capacity to adapt to law enforcement actions, evolve their tactics, and continue their operations, sometimes under new guises.
“We’ve seen the resilience of ransomware groups disrupted by law enforcement in the past, for example, Hive, ALPHV/BlackCat, and the evolution from DarkSide to BlackMatter, demonstrating the ability of cybercriminal groups to rebound, rebrand, and integrate into new or existing networks, leveraging support through the ransomware-as-a-service ecosystem.
“One has to question if the financial resources of groups such as Lockbit, are somewhat broader in scope, than the law enforcement teams tasked with their disruption. Lockbit are extremely well funded through the success of their operations, having amassed circa $91M from US organisations alone, therefore they have the economic power to re-group and develop new tactics, techniques, and procedures, learning and adapting from the errors that led to their disruption, thus reinventing their approach, as necessary.
“This cyclic nature of law enforcement disruption and the resurgence of these ransomware groups points to a broader issue within the cybercrime ecosystem. The issue fundamentally is the drivers behind ransomware attacks, such as financial incentives, the relative anonymity of cryptocurrency transactions, and the ad-infinitum discovery of vulnerabilities that remain unaddressed. Until then we can expect the rinse-repeat cycle of disruption and resurgence to continue for the foreseeable future.”
Greg Day, SVP and global field CISO at Cybereason
“Far too often, there’s talk about the ease with which cybercriminals operate online. However, this recent news serves as a prime example of the results achieved through diligent effort and collaboration behind the scenes. This involves cooperation among law enforcement agencies spanning different jurisdictions, navigating the complexities arising from varied laws. It also entails partnerships with telecom providers to grasp the intricacies of infrastructure and attack methodologies, collaboration with the cybersecurity industry to comprehend the latest attack iterations, and engagement with financial services organisations to gain insights into money transaction flows.
“Modern ransomware attacks surpass many traditional bank heists in complexity and extend across international borders. Nonetheless, as we continue to enhance our collaborative efforts, the collective action of the masses prevails over the actions of the few.”
If you are a cybersecurity company and would would like to add your comment, get in touch with dana@techround.co.uk