Trend Micro discloses criminal insights following disruption of one of the world’s biggest ransomware groups

-

The LockBit ransomware group was recently involved in an attack on local government


Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today released comprehensive threat intelligence findings in the wake of the law enforcement-led disruption of the LockBit ransomware group. The unprecedented operation, known as Operation Cronos, marks a significant step forward in the global fight against cyber threats, impacting an entity responsible for an estimated quarter of all ransomware attacks worldwide. Most recently, the group claimed responsibility for a data leak affecting South Africa’s Government Employees Pension Fund.

 
To read a copy of the report, Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption, please visit: https://research.trendmicro.com/LockBitDisruptionAftermath

 
Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro: “We are immensely supportive of the excellent disruptive work done by international Law Enforcement against the LockBit group, and our ability to provide support with analysis of the planned upcoming version of their new ransomware. Getting ahead of these threat actors not only allowed us to pass on intelligence to law enforcement, but also bolstered the defence of our local customer base. As we dissect the aftermath of this takedown, our commitment to enhancing security defence through global threat intelligence is yielding tangible results."

 
Operation Cronos was different in several ways from many of the typical law enforcement takedowns of criminal groups. More than a mere setback for threat actors, it was a decisive strike that crippled their infrastructure, undercut their financial mechanisms, exposed affiliates, and fractured the trust within their own illicit networks.


This cumulative effort has helped to tarnish LockBit's reputation among its networks and the cybercrime community in general, making it inept in its attempts to regroup. Ringleader "Lockbitsupp" has also been banned from two popular underground forums: XSS and Exploit.

 
The group has been trying to rebuild New Onion leak sites launched a week after the operation, and Lockbitsupp is actively seeking brokers selling access to .gov, .edu, and .org TLDs—in what appears to be a reprisal for Cronos.

However, these efforts appear to be failing. Trend's telemetry reveals limited cases of successful attack since the disruption. Although scores of victims have been posted to the new LockBit leak site, the vast majority were reuploaded from previous campaigns or are victims of other threat groups like ALPHV.


The group has also been developing a new version of ransomware, Lockbit-NG-Dev, which Trend has been monitoring closely and provided advanced protections to customers.

Key Achievements of Operation Cronos:

Reputational Damage to LockBit: Given its tarnished reputation, LockBit faces significant challenges in rebuilding its operations and affiliate networks.
Strategic Disruption of Infrastructure: The operation's in-depth approach has made LockBit's rebuilding and regrouping process difficult and time-consuming, delaying any potential resurgence.
Effective Deterrence: The insight into affiliate activities and the subsequent warnings have likely dismantled any of LockBit's affiliate programs, further weakening its operational capacity.
Enhanced Business Security: Trend customers stand to benefit from the operation's outcome and a reduced risk of being targeted by a significant player in the ransomware market.
 

This disruption underscores Trend's relentless pursuit of anticipating threats and shielding organisations worldwide from the evolving dangers of the cyber landscape. The best way to disrupt common adversaries is by sharing intelligence promptly and efficiently.

 

Comments

Post a Comment

Popular posts from this blog

Connectivity demystified: Why it’s important to understanding the “language” of connectivity

-
Image
  By Craig Blignaut, Product Manager: WiFi and Theo Van Zyl, Head of Wireless at Vox In an age where connectivity is the foundation of our digital existence, understanding the complexities of modern connectivity offerings is critical. The Internet, a global network of interconnected computers, devices and databases, makes it possible for us to access information and communicate from anywhere in the world. WiFi, on the other hand, allows us to connect our devices to the Internet. A WiFi connection can come from fibre, LTE, wireless or a satellite connection.   Making sense of connectivity While the distinction between WiFi and the internet might be obvious to some, others think about them as being one and the same. In part, this is because most users think about WiFi as something we use to connect to the Internet. So, if you can’t get online, you automatically assume that the bridge between you and the Internet – the WiFi – must be the issue. But this isn’t necessarily the case.
Read more

Partnership approach can help retailers get the best out of monitoring and security

-
By Rodney Taylor, Managing Director at Guardian Eye, a Vivica Group company From a smart retail perspective, it is crucial to understand that monitoring stock and other assets through camera surveillance and a variety of Internet of Things (IoT) sensors stretches further than the stores themselves. Greater importance is being placed on protecting the entire value chain, which starts at distribution. Beyond just security, this technology is also being used to enhance operations and reduce costs.   Distribution Centres, many of which may feature 24/7 operations, are a vital cog in the chain for retailers, helping them ensure that their stores can be stocked with the right products as quickly as possible. However, these high-value centres - while a store might contain R3 million or R4 million of stock, a distribution centre might hold R50 million in merchandise - are the target of criminal activity as well, as seen during the July 2021 riots. As such, it is no surprise that retailers are
Read more

Hewlett Packard Enterprise announces President Ntuli as Managing Director for South Africa

-
Image
Hewlett Packard Enterprise (HPE) today announced that President Ntuli has been appointed to the role of Board and Managing Director for South Africa with immediate effect.   President assumes full responsibility for the end-to-end management of HPE’s South African business, people, and operations. President assumes the role of South Africa Managing Director after two years as Director of HPE GreenLake Cloud Services across the UK, Ireland, Middle East and Africa region. Sandile Dube, previously country sales lead for HPE South Africa, has taken an opportunity outside of HPE.   Based at HPE’s office in Johannesburg, President leads an organisation with more than 150 team members spread across Johannesburg, Cape Town and Durban. Looking to leverage his knowledge and skills from the region to drive growth in South Africa, President is particularly focused on cloud and digital transformation. This appointment reaffirms and solidifies HPE’s commitment to the country.   President
Read more