Cybercrime groups restructuring after major takedowns, say experts


A screenshot taken on Feb 19, 2024, of a takedown notice that a group of global intelligence agencies issued to a dark website called LockBit.

PHOTO: REUTERS


Cybercrime gangs are looking to rebuild with new tactics after global police operations in 2024 made a huge dent in their activities, experts told AFP.

The gangs have had a bad year so far, with law enforcement operations taking out some prominent groups, including LockBit, a loose network of largely Russian-speaking cyber criminals.

LockBit was one of the major developers of malicious software that allows criminals to lock victims out of their networks, steal their data and demand a ransom for its return.

Ransomware attacks using LockBit and other software have led to major disruption of governments, businesses and public services such as hospitals.

Victims have paid hundreds of millions of dollars to gangs, usually in untraceable cryptocurrencies.

The disruption of LockBit in February and another network of malicious bots in May led to a “cleaning up” of the ransomware scene, Mr Nicolas Raiga-Clemenceau of the XMCO consultancy in France said.

But he said “a number of new groups” have since appeared and started to organise themselves.

Mr Allan Liska of US cyber-security firm Recorded Future agreed and said there are worrying trends emerging with some of the new groups.

‘Violence as service’

Some of the newer gangs appear to be considering threats of physical violence rather than just online intimidation, Mr Liska said.

He pointed out that gangs would already have stolen a bunch of personal information, such as the addresses of senior executives.

“And so, if you’re not getting anywhere in your negotiations, that’s something you can threaten,” he said. “We’re going to do something in the real world to hurt you or hurt your family.”

He called this “violence as a service”.

Mr Liska and other experts are still assessing the new landscape, saying a number of new groups have emerged.

“There’s about a dozen of them that have popped up since the LockBit takedown, which is a higher number than we’ve ever seen in that short period of time,” he said.

They had all launched extortion websites that showed lists of victims, but it was unclear how effective the new groups would be, he added.

‘Bounce back’

LockBit’s operations were taken down by law enforcement in February.

The gang had targeted more than 2,000 victims and received over US$120 million (S$162 million) in ransom payments since it formed four years ago, according to the US authorities.

Those targeted included Britain’s Royal Mail postal service, US aircraft manufacturer Boeing and a Canadian children’s hospital.

The US authorities said hundreds of encryption keys have been recovered and given to victims, and the network’s services have effectively been taken over.

But the software is still out there.

In June, a gang attacked a government data centre in Indonesia using LockBit, asking for US$8 million in ransom.

Experts interviewed by AFP agreed that ransomware attacks are likely to rebound quickly – possibly in the next few months.

Mr Liska said: “It’s going to bounce back.

“Right now, there’s just so much money in ransomware that people don’t want to stop.” AFP

