Trends and Customers Benefit from a Strategic Intelligence-First Approach
Trend Micro Inc. (TYO: 4704, TSE: 4704), a global cybersecurity leader, today announced the results of a comprehensive threat intelligence study following the law enforcement-led takedown of the LockBit ransomware group. The unprecedented operation, known as Operation Cronos, marks a major step forward in the global fight against cyber threats, dealing a blow to an organization responsible for approximately one in four ransomware attacks worldwide.
To read a copy of the report, Uncovering the impact: To learn more about the impact of Operation Kronos on LockBit following the groundbreaking disruption, please visit: https://research.trendmicro.com/LockBitDisruptionAftermath
Sharda Tikoo, Country Manager, India and SAARC, Trend Micro:We are very supportive of the excellent disruption efforts carried out by international law enforcement against the Lockbit group and our ability to support them in analyzing the next version they are planning. By staying ahead of these threat actors, we have not only been able to provide intelligence to law enforcement, but also strengthen the defenses of our global customer base. Analyzing the situation following this takedown, our efforts to strengthen security defenses through global threat intelligence are producing tangible results.”
Operation Kronos differed in several ways from many of the typical ways law enforcement agencies take down criminal groups: this was not just a setback for threat actors, but a decisive attack that crippled their infrastructure, undermined their financial mechanisms, exposed affiliates, and destroyed trust within their own illicit networks.
This cumulative effort has tarnished LockBit’s reputation within the network and the cybercrime community at large, negating attempts to regroup, and leading to the mastermind “Lockbitsupp” being banned from two popular underground forums, XSS and Exploit.
The group is attempting to recreate the New Onion leak site that was launched a week after the operation, and Lockbitsupp is actively seeking out brokers selling access to the .gov, .edu and .org TLDs, likely in retaliation for Cronos.
However, these efforts appear to have failed. Trends telemetry shows that there have been limited instances of successful attacks since the disruption. While numerous victims have been posted to new LockBit leak sites, the majority of them are re-uploads from previous campaigns or victims of other threat groups like ALPHV.
The group has also developed a new version of ransomware, Lockbit-NG-Dev, which Trend Micro has been monitoring closely and providing advanced protection to its customers.
Key accomplishments of Operation Kronos:
- LockBit’s reputation is in tatters: With its reputation tarnished, LockBit faces major challenges in rebuilding its business and affiliate network.
- Strategic Infrastructure Disruption: The operation’s exhaustive approach has made the process of rebuilding and reorganizing LockBit difficult and lengthy, delaying any potential comeback.
- Effective deterrent: The insight into affiliate activity and subsequent warnings likely led to the dismantling of LockBit’s entire affiliate program, further weakening the company’s operational capabilities.
- Enhanced Business Security: Trend’s clients will benefit from the results of this operation and will be at reduced risk of being targeted by major players in the ransomware market.
This disruption highlights Trend’s relentless commitment to predicting threats and protecting organizations around the world from evolving dangers in cyberspace. The best way to disrupt a common enemy is to share information quickly and efficiently.
About Trend Micro
Trend Micro is a global leader in cybersecurity, helping enable a world where digital information can be exchanged safely. Built on decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers powerful advanced threat prevention technologies optimized for environments including AWS, Microsoft, and Google, as well as centralized visibility for faster, better detection and response. With 7,000 employees in 65 countries, Trend Micro enables organizations to simplify and secure the connected world. www.TrendMicro.com.
