LockBit disruption has potential to shake up affiliate structure

March 1, 2024 – Published on IT Brew

A seizure of ransomware infrastructure by the FBI, the UK’s National Crime Agency (NCA), and international law enforcement partners may be enough to get at least some adversaries to update their resumes and try a new office.

Though ransomware group LockBit has shown signs of recovery after a multi-country disruption of its operations, threat researchers who spoke with IT Brew said the move is still likely to scatter some affiliates to other threat groups.

LockBit follows a ransomware-as-a-service (RaaS) model, which calls on affiliates to carry out attacks using the LockBit tools. The group has targeted more than 2,000 victims and received more than $120 million in ransom payments, a Department of Justice statement said, following an announcement of an international seizure of infrastructure by joint task force Operation Cronos.

“I think the biggest focus here [from law enforcement], from my perspective, is really taking the confidence out of the affiliate structure and hoping that that destabilizes ransomware as a whole,” Drew Schmitt, practice lead on the research and intelligence team at cybersec-services provider GuidePoint Security, told IT Brew.
