LockBit ransomware gang’s power diminished but not eradicated


Although action by UK and US authorities against the LockBit ransomware gang is a major setback for its operations – and is likely to inhibit its ability to recruit affiliates – such criminal groupings are notoriously resilient and will probably just emerge under a different banner in the near future.

That’s according to Check Point Software Technologies’ threat intelligence group manager Sergey Shykevich, who was speaking to TechCentral in an interview on Tuesday.

“LockBit will still have data at its disposal and the possibility that it will use it in some way in the future is highly likely,” he said. “The threat from this criminal gang and other ransomware groups will continue.”

Britain’s National Crime Agency, the US’s Federal Bureau of Investigation, Europol and a coalition of international police agencies cooperated in an operation that took down the LockBit ransomware gang on 19 February.

Graeme Biggar, NCA director-general, said last month law enforcement officers had “successfully infiltrated and fundamentally disrupted LockBit”.

Over the past four years, LockBit has been involved in thousands of ransomware attacks on victims around the world, from high-profile corporate targets to hospitals and schools.

One of its most recent attacks was on the South African Government Employees Pension Fund (GEPF), which noted on 12 March that data purportedly from its administrator, the Government Pensions Administration Agency (GPAA), had been released by LockBit.

The fund said the GPAA had confirmed that preventive action was taken when it became aware of the attempted access to its systems. The action included “shutting down” all systems to isolate affected areas.

Prolific

The GEPF’s clients include about 1.265-million active members from more than 325 government departments as well as some 475 000 pensioners and other beneficiaries, but the GPAA said pension payments were not affected.

LockBit was the most prolific ransomware group globally until its operations were disrupted, and was by far the most active ransomware gang in South…
