News is still unfolding on the international law agency effort between 11 countries, including the United States and the United Kingdom, that was able to take down websites associated with the LockBit ransomware.
Executives from Traceable AI and Securin wanted to share some expert thoughts on the news:
Richard Bird, chief security officer, Traceable AI
“The takedown of LockBit is a big deal, but the ringing of bells and handing out of high-fives should be done cautiously. LockBit operated for 5 years, not 5 weeks. The level of success and damage achieved by LockBit means that there will be no vacuum. Whether LockBit rises again or other groups step up, there will be no void.
“The revelations around the LockBit takedown prove two critical points. First, coordinated campaigns by the good guys can and do deliver results. We can’t live in a world where the hackers get to accumulate hundreds of millions in ill-gotten gains while destroying digital trust, with impunity. Decades of threats and damage have finally been met with a proportionally appropriate response. Second, when we engage in direct action against the bad guys, we realize that they have many of the same exploitable weaknesses in their organizations, internal politics, infrastructure and security practices as we have. We need to capitalize on that learning to take down as many criminal digital enterprises as we can.”
Aviral Verma, lead security analyst at Securin
“The takedown of the LockBit ransomware gang, responsible for extorting millions from over 2,000 victims and amassing over $120 million in ransom payments, marks a significant win for cybersecurity. The coordinated international operation disrupted the gang’s infrastructure, leading to arrests and indictments of key operators.
“Allegedly, law enforcement agencies exploited a vulnerability in PHP – CVE-2023-3824 – to take control of LockBit’s leak sites. In a twist of irony, the bad guys missed applying the patch, and the good guys wrote the exploit and hacked them instead! This big question now is: Does this mark the end of LockBit?
“Cybersecurity agencies have been prolific in taking down ransomware groups recently with Hive and ALPHV also being dismantled. However, ALPHV was up again in a day, and Hive rebranded itself as ‘Hunters International.’ We can expect the LockBit group to attempt a similar revival or rebranding, underscoring the necessity for continued vigilance and coordinated efforts among global law enforcement and cybersecurity agencies. Nevertheless, for now we should all celebrate success.
“For the victims of LockBit’s attacks, this crackdown brings a glimmer of hope. Developing a decryption tool and seizing cryptocurrency wallets could potentially allow victims to recover some of their losses. This is a significant step forward in relieving those affected by LockBit’s ransomware attacks, underscoring the importance of law enforcement in protecting.”