IT Essentials: LockBit and load

They fought the law, and the law won - for now

LockBit is down, but not out yet

Image:
LockBit is down, but not out yet

Taking down LockBit is a temporary reprieve, at best.

Asked about serious organised crime units, most people on the street picture uniformed officers battering down doors and screaming, "Armed police!"

They're not far wrong, but it ignores a huge part of modern police work: cybercrime.

Last week the National Crime Agency's cyber unit scored a huge win, with other agencies, in taking down LockBit, the Russian ransomware gang that breached Boeing, Royal Mail and the Ministry of Defence.

There's no doubt the NCA is enjoying its victory, trolling LockBit by using its own website to reveal information about the group's members and affiliates. Now we can all do the same, sitting back to enjoy a world entirely free of criminal ransomware.

Image
Figure image
Description
Nice, right?

Wait...the criminals haven't gone anywhere? The only arrests have been of affiliate members? LockBit's leaders are still sitting free and pretty (proved by the gang's resurgence over the weekend)?

The fact is that without extradition agreements, which Russia will never sign, the masterminds behind LockBit are still at large. At best this is a temporary reprieve until another gang - either LockBit or a different group - rises to fill the vacuum.

Law enforcement has done incredibly well at taking down ransomware gangs in the last few years. REvil, Conti, BlackCat and more have fallen. Some data even shows a trend away from ransomware and towards new attacks like cryptojacking.

Criminal groups remain resilient, adaptable and willing to rebrand, however, because there are so many targets. Until their financial incentives are cut off we can expect, at best, a temporary lull before the cycle begins again.

IT leaders should take this as an opportunity to review their security posture, making sure that training goes beyond malware and ransomware. The times, they are a-changin'.

Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.