SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
LockBit ransomware gang dismantled by global task force
Fri, 23rd Feb 2024

The infamous LockBit ransomware gang, responsible for extorting more than USD $120 million and affecting more than 2000 victims worldwide, has been successfully dismantled. This was revealed in a commentary by Dean Houari, Director of Security Technology and Strategy, APJ at Akamai Technologies. The takedown was orchestrated by Operation Cronos, a multinational task force comprised of law enforcement agencies from ten countries, spearheaded by authorities from the UK and the US.

The LockBit gang has caused worldwide fear over the last four years, with enterprises and governments being targeted in ransomware attacks. According to a 2023 Akamai research report, LockBit dominated the ransomware landscape with 39% of total ransomware victims. In comparison to the second-comparable ransomware gang, LockBit had caused over triple the amount of damage.

The nefarious activities of the LockBit gang extended to the Asia Pacific region, as they launched hundreds of attacks across several sectors, including financial services, critical infrastructure, agriculture, education and government, from the start of 2020. One instance of their disruptive tactics involved shutting down Japan's largest port at Nagoya for two days, heavily impacting the nation's primary car manufacturers. A similar event disrupted Australia's largest port's operations. Dean goes onto note that LockBit was known to take pride in 'publicly shaming victims who did not pay their ransom, by leaking their sensitive data.'

The operation to take down LockBit was not without its notable moments, including the gang's leader, lockBitSupp, whose actual identity remains unknown, taunting the authorities and even offering a USD $10 million bounty to disclose his identity. The authorities themselves adopted some of LockBit's methods in making a show of the takedown with the ingenuity of 'Cronos' and a countdown to the announcement.

Interestingly, customers who had been victims of the LockBit gang, previously shamed by leaked data on the darknet, are now able to retrieve their decryptor keys from these very sites. This comes as Japanese Police, with Europol support, developed a decryption tool to recover files encrypted by the LockBit 3.0 Black Ransomware. These actions send a clear message to all ransomware groups: they cannot hide in the shadows of the dark web, and they will be held accountable for their actions.

Despite the success of the operation, Houari cautions us that 'relying on multinational task forces to take down ransomware gangs is not an effective security strategy.' He anticipates the rise of another variant of the LockBit gang that could soon fill the void with potentially even more damaging tools. Dean highlights that it's crucial to remember that 'prevention is better than recovery' and urges organisations to reassess their security postures.

The best security strategy should involve prevention, such as impeding attackers from accessing and encrypting data on critical servers and having backup plans in the event of a breach. Measures suggested include software-defined micro-segmentation, full network visibility, and continuous compliance with local cybersecurity regulations. Dean summarises, 'It's time to shut down ransomware by implementing a security solution at each point of the ransomware kill chain.'