LockBit ransomware gang’s power diminished but not eradicated

Published: 2024-03-19 14:26 +02:00 by Sandra Laurence tag: Information security

Over the past four years, LockBit has been involved in thousands of ransomware attacks on victims around the world.

Although action by UK and US authorities against the LockBit ransomware gang is a major setback for its operations – and is likely to inhibit its ability to recruit affiliates – such criminal groupings are notoriously resilient and will probably just emerge under a different banner in the near future.

That’s according to Check Point Software Technologies’ threat intelligence group manager Sergey Shykevich, who was speaking to TechCentral in an interview on Tuesday.

“LockBit will still have data at its disposal and the possibility that it will use it in some way in the future is highly likely,” he said. “The threat from this criminal gang and other ransomware groups will continue.”

LockBit routinely attacked government institutions and state-owned enterprises but seldom had much success

Britain’s National Crime Agency, the US’s Federal Bureau of Investigation, Europol and a coalition of international police agencies cooperated in an operation that took down the LockBit ransomware gang on 19 February.

Graeme Biggar, NCA director-general, said last month law enforcement officers had “successfully infiltrated and fundamentally disrupted LockBit”.

Over the past four years, LockBit has been involved in thousands of ransomware attacks on victims around the world, from high-profile corporate targets to hospitals and schools.

One of its most recent attacks was on the South African Government Employees Pension Fund (GEPF), which noted on 12 March that data purportedly from its administrator, the Government Pensions Administration Agency (GPAA), had been released by LockBit .

The fund said the GPAA had confirmed that preventive action was taken when it became aware of the attempted access to its systems. The action included “shutting down” all systems to isolate affected areas.

Prolific

The GEPF’s clients include about 1.265-million active members from more than 325 government departments as well as some 475 000 pensioners and other beneficiaries, but the GPAA said pension payments were not affected.

LockBit was the most prolific ransomware group globally until its operations were disrupted, and was by far the most active ransomware gang in South Africa, accounting for 42% of attacks in the last 12 months, according to Malwarebytes research.

The group typically stole copies of a victim’s data before encrypting it, to have two forms of leverage during ransom negotiations. Then they demanded payment in return for the data, threatening the release of the information through leak sites if a ransom wasn’t paid.

Read: World’s largest ransomware gang nailed

Shykevich said LockBit routinely attacked government institutions and state-owned enterprises but seldom had much success in this arena as governments usually refused to deal with extortionists and criminals.

Educational institutions are easy to target, according to Shykevich, because their networks are easy to access. “Often they have slim budgets and security concerns are not top priority for them,” he said.

Check Point’s Sergey Shykevich

He said LockBit will still have data available to it, and that it will find a way to use it in some way. “The takedown was damaging in terms of reputational damage,” he said, “ but no one was arrested and Russia has a policy where it does not extradite, so they will just rebrand or work for others.”

And it seems he is right .

LockbitSupp, the group’s administrator, has opened a new extortion site that features the names of five victim companies from which it is threatening to leak stolen documents. However, the site no longer shows any of the old listings from before the law enforcement operation.

Read: Smashing a criminal enterprise – inside the Lockbit ransomware takedown

The Russian hacker group claimed the servers containing stolen data remain intact. The FBI could not get hold of it, and they will be published in a new blog after “reconstruction”, it said.

The NCA’s Biggar said his staff had seen “some of the messaging that has come out from LockBit. This stuff can spin up in little ways. There are fragments and remnants of it knocking about online. But we have taken control of the core bit, we have destroyed a huge amount of data.” — © 2024 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp

Enhanced Investments, Inc.
329 South Oyster Bay Road #2085
Plainview, NY 11803
team@eninvs.com

Important disclosures

Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.

Nothing on this website should be considered an offer, solicitation of an offer, or advice to buy or sell securities.
Past performance is no guarantee of future results. Any historical returns, expected returns [or probability projections] are hypothetical in nature and may not reflect actual future performance.
All the strategies assume investments in equity invstrumenta only and are more relevant for "agressive investment profile". Eastern European flagship strategy assumes using up to 20% leverage of total portfolio. GlobalCommodities and US Growth strategy currently assume no leverage.
Results for the Enhanced Investments strategies as compared to the performance of Illustrative Benchmarks is for informational purposes only. Our investment program does not mirror that of the Illustrative Benchmarks and the volatility may be materially different from the volatility of Illustrative Benchmarks. Reference or comparison to an Illustrative Benchmark does not imply that strategies of Enhanced Investments will be constructed in the same way as the Illustrative Benchmark or achieve returns, volatility, or other results similar to those of the Illustrative Benchmark. The S&P 500 is an unmanaged market capitalization-weighted index of 500 common stocks chosen for market size, liquidity, and industry group representation to represent U.S. equity performance.
Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.