Post-LockBit, How Will the Ransomware Ecosystem Evolve?
Fraud Management & Cybercrime
,
Ransomware
With Over $1 Billion in Annual Proceeds, Don’t Expect Attackers to Give Up the Life
Once the dust settles on the LockBit disruption, what will be the state of ransomware?
See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors
Expect attackers to continue refining their tactics for maximizing profits via a grab bag of the same strategies, including forcibly encrypting systems and charging for a decryptor, stealing data and threatening to dump it, creating scary public personae, or a combination of the above.
LockBit, which was disrupted this week by law enforcement, is one of the most successful ransomware groups in history. Canadian intelligence tied it to 44% of all ransomware attacks globally in 2022. Blockchain analytics firm Chainalysis said that since the start of 2023, LockBit has received the second-highest amount of traceable ransom payments of any ransomware group.
All that appears to have ended, at least for now. “We have hacked the hackers,” National Crime Agency Director General Graeme Biggar said this week of the joint operation, which featured 10 countries’ law enforcement agencies. It disrupted the group’s infrastructure, arrested suspects in Poland and Ukraine, sanctioned multiple Russians and more (see: Breach Roundup: More Fallout From the LockBit Takedown).
“It…
