Trend Micro Disrupts LockBit Mega-Ransomware Group

Trend Micro Incorporated, a global cybersecurity leader, has announced its crucial role in assisting international law enforcement partners in dismantling the mega-ransomware group LockBit.

Through covert infiltration, Trend helped prevent the release of the group’s upcoming malware products and automatically installed protection for Trend Micro customers before the group had even finished testing.

Robert McArdle, a leader in Trend Micro’s cybercrime research team and collaborator with the Federal Bureau of Investigation (FBI) and National Crime Agency (NCA), stated, “We are honored that our threat intelligence is uniquely valuable to global law enforcement in our shared mission to make the world safer.”

LockBit was responsible for approximately 25% of all ransomware leaks in 2023 and caused billions of dollars in damages to thousands of global victims over the past four years. The Philippine National Police (PNP) issued a warning about LockBit last year and recommended cyber hygiene practices to avoid becoming a victim.

McArdle further added, “Last week, Trend secured global Microsoft users from a critical vulnerability, and this week, we were part of dethroning the most critical threat actor group in the world. While this won’t eliminate the crime group, no sane criminal would want to be involved with them again.”

The operation involved cryptocurrency seizure, arrests, indictments, imposing sanctions, and additional technical support for victims. The group’s leak site was taken over, revealing information and personal identities of members and details of their past works.

These actions have essentially made the group unwelcome and untrusted in the cybercrime world, rendering their operations unviable as an underground business.

Ransomware is one of the most significant cyber threats facing organizations today, known for disrupting schools, hospitals, governments, and businesses and endangering critical national infrastructure. In 2023, victims paid over $1 billion to these groups and their affiliates, a record figure.

This work has led to the following outcomes:

1. Trend’s delivery of protection in advance against LockBit-NG-Dev for its customers.
2. The neutralization of a potentially prolific strain of ransomware, preventing its use in future enterprises.
3. A law enforcement operation that aims to end LockBit as we know it and sets a new standard for international collaboration across law enforcement and private partners.

While LockBit was undoubtedly the largest and most impactful Ransomware operation globally, this disruption sends a clear message to all criminal affiliates: reconsider any involvement with them in the future, as partnering with this organization puts you at increased risk of law enforcement action.