The Operation Cronos Task Force, a global law enforcement group tasked with cracking down on LockBit, has advised that a further four suspects linked to the prolific ransomware gang have been arrested.
In August 2024, Europol arrested a developer working for the gang while he was outside of Russia on vacation. Two more members were nabbed by the U.K.’s National Crime Agency (NCA), one on suspicion of money laundering and the other for his affiliation with LockBit activity. Finally, a fourth member, alleged to be a bulletproof hosting administrator who helped shield LockBit’s infrastructure, was arrested by Spain’s Guardia Civil at the Madrid airport.
In addition to the arrests, several countries, including Australia, the U.S., and the U.K. issued sanctions against several Russian nationals believed to be affiliated with LockBit affiliate, Evil Corp.
Source: Bleeping Computer
Analysis
Operation Cronos Task Force has been disrupting LockBit’s activities by seizing its infrastructure and indicting its members since February 2024. However, every time the task force deals LockBit a blow, the ransomware group seems to quickly recover, effectively playing out like a game of whack-a-mole.
In May 2024, the task force identified 31-year-old Russian national Dmitry Yuryevich Khoroshev, known online as ‘LockBitSupp,’ as the mastermind behind LockBit. Khoroshev was slapped with several indictments and sanctions from various countries and was subject to asset freezes and travel bans. While the sanctions, travel bans, and asset freezes may have some impact on Khoroshev’s life and LockBit’s operations, this indictment was largely symbolic as it’s unlikely the U.S. will be able to extradite him from Russia.
However, the recent arrests by Operation Cronos resulted in the actual physical detainment of the suspects, as they were apprehended when they travelled outside Russia. While in custody, these individuals will not be able to support LockBit’s operations.
Mitigation
While defending against ransomware attacks may seem intimidating at first, even a few simple, easy-to-implement best practices can help prevent attacks. Field Effect recommends that organizations adopt the following best practices:
Back up your data
Regular backups of sensitive and important information can help ensure business continuity during a ransomware attack. These backups should be stored somewhere different than the operational network so that they will not be encrypted during an attack, and thus can be used to restore devices.
Update and patch software
Regular patching, updating, and maintenance help protect against or eliminate known cybersecurity vulnerabilities in IT systems and is one of the most important steps you can take to improve your security.
Protect systems connected to the internet
Using a DNS firewall limits access to known malicious websites, helping to defend against potential social engineering attacks while blocking malicious code and securing access to cloud apps and corporate websites. Leveraging a virtual private network (VPN) can also help, giving workers a secure means of accessing corporate data or otherwise connecting to networks from remote locations.
Develop a culture of cybersecurity
Organizations should train employees to watch for and understand the tricks attackers use, spot and avoid potential phishing links, and flag requests for personal information or credentials.
Strong password policies, password managers, and multifactor authentication (MFA) also make it more difficult for threat actors to guess, brute force, or use stolen credentials.
Use a cybersecurity solution
Staying ahead of ransomware demands a view into what’s happening across your IT environment. Cybersecurity solutions like Field Effect MDR that detect and respond to suspicious activity across networks, end-user devices, and cloud services can help identify and mitigate potential threats early.
Related Articles
