Skip to content

What the LockBit ransomware gang’s return means for healthcare

Posted by:
2 min read

March 11, 2024 – Published on HealthITSecurity

Since its emergence four years ago, the LockBit ransomware gang has been ruthlessly targeting organizations across critical infrastructure at alarming rates. The group’s constant tactic modifications and vast network of affiliates enabled it to deploy ransomware against more than 2,000 victims and receive more than $120 million in ransom payments, according to the FBI.

But in February 2024, US and UK authorities announced the disruption of the LockBit ransomware gang following a months-long effort under “Operation Cronos,” a dedicated task force aimed at dismantling the group. The international task force successfully took control of LockBit’s leak site and admin portal, as well as 28 servers, and was able to offer decryption keys to victims.

The takedown was hugely successful at disrupting the group’s operations and helping its victims. However, after just a few days of downtime, LockBit restored its servers and was running once again.

HealthITSecurity spoke with Nic Finn, senior threat intelligence consultant at GuidePoint Security, to discuss the significance of this takedown and what the group’s reemergence means for healthcare.

“LockBit has been the biggest group for a long time. They likely have the most affiliates, and they are clearly posting the most victims. They have quite an established set of rules for how their affiliates operate,” Finn said.

“That has led us to this instance where I think it just made sense that law enforcement needed to act against them in some way to try and curb all this victimization across multiple industries.”

In 2022, LockBit was the most active global ransomware group and RaaS provider by number of victims claimed on their data leak site, the FBI found. The group remained one of the most prolific ransomware groups of 2023, the GuidePoint Research and Intelligence Team (GRIT) revealed in its annual report. LockBit’s aggressive attacks against healthcare and other sectors prompted multiple alerts and analyst notes from federal agencies in recent years, including HHS.

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRITransomware

GuidePoint Security

Researchers Observe Increase in Emerging Ransomware Groups Targeting Healthcare
January 26, 2024 – Published on Health IT Security The healthcare sector was hit hard by data breaches in 2023, with […]
View Page

Related Articles

View All

  • Incident Response & Threat Intelligence
Researchers Observe Increase in Emerging Ransomware Groups Targeting Healthcare
Read More < 1 min read
  • Incident Response & Threat Intelligence
Healthcare Industry Remains a Top Victim of Ransomware Attacks
Read More < 1 min read
  • Incident Response & Threat Intelligence
BlackCat Goes Dark After Ripping Off Change Healthcare Ransom
Read More < 1 min read