How the most prolific and detrimental ransomware group in the world was dissected
Spearheading the sweeping Operation Cronos, the NCA in the UK, in collaboration with other law enforcement agencies, took over LockBit's entire leak site infrastructure and transformed it into a repository of data about the group. As a key part of this initiative, global law enforcement dismantled the affiliated StealBit exfiltration malware. The operation resulted in the apprehension of 2 individuals, the indictment of 5 more, the public release of all decryption keys, the freezing of over 200 cryptocurrency wallets, and the confiscation of 34 servers distributed across eight countries.
LockBit has been a prominent player in the ransomware-as-a-service scene. However, recent issues signal internal conflicts that could lead to its eventual collapse. Get insights on the latest updates on the group.
Analysing the Decline and Potential Resurgence with Version 4.0
The LockBit intrusion set, tracked by Trend Micro as Water Selkie, runs one of the most active ransomware operations today, backed by LockBit's strong malware capabilities and affiliate program.
Trend’s role
In cooperation with the NCA, Trend conducted a thorough analysis of the developmental version of LockBit, known as LockBit-NG-Dev. This meticulous scrutiny rendered the entire product line impractical for criminal use. We were uniquely positioned with protection in place for this upcoming malware before the group even completed testing. This proactive collaboration with the NCA ensures our customers are safe from LockBit, a significant achievement considering its contribution to 25% of all ransomware leaks last year. While the ransomware landscape will evolve, our enduring partnership with law enforcement puts us ahead of the curve, enabling us to proactively safeguard our customers.
Insights from Robert McArdle with Trend Research.
Global Law Enforcers Seek Trend Micro's Help to Take Down Major Threat Group LockBit
The technology behind the case
Our cybersecurity platform, Trend Vision One™, is designed to deliver central visibility for better, faster detection and response. It protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints. Rated a leader by Gartner, Forrester, and IDC, it delivers a powerful range of advanced threat defense techniques optimised for environments like AWS, Microsoft, and Google.
Explore related resources
Trend Micro experts Jon Clay, VP of Threat Intelligence, and Greg Young, VP of Cybersecurity, discuss LockBit, law enforcement's Operation Cronos, and more.