Trend Micro Incorporated, a global cybersecurity player, revealed its critical role in helping global law enforcement partners disrupt mega-ransomware group LockBit, and kill the viability of its long-term malware plans. Through undercover infiltration, Trend helped prevent the release of the group’s next malware products and automatically installed protection for Trend Micro customers, even before the group themselves had finished testing.
Robert McArdle, a leader in Trend Micro’s cybercrime research team and collaborator with the Federal Bureau of Investigation (FBI) and National Crime Agency (NCA), said: “We are honored that our threat intelligence is uniquely valuable to global law enforcement in the shared mission to make the world safer.”
This group was responsible for about 25 percent of all ransomware leaks in 2023 and caused billions of dollars in losses for thousands of global victims over the past four years. Due to the potential damage that this group can cause, the Philippine National Police (PNP) last year warned Filipinos about LockBit and recommended several cyber hygiene practices to avoid becoming a victim of the group.
McArdle continued, “Last week Trend secured global Microsoft users from a critical vulnerability and this week we were a part of dethroning the most critical threat actor group in the world. Now, insiders aren’t naïve enough to assume this will eliminate the crime group, but we know that no sane criminal would want to be involved with this group again.”
Details from behind the scenes are unfolding and include cryptocurrency seizure, arrests, indictments, sanctions and additional technical support for victims. The operation took over LockBit’s leak site, disclosing information and personal identities of group members and details of their previous work. These actions essentially make the group unwelcome and untrusted in the cybercrime world, and therefore unviable as an underground business.
Ransomware is one of the most serious cyber threats facing organizations today, known for disrupting schools, hospitals, governments, and businesses and imperiling critical national infrastructure. It does all of this while lining the pockets of a few small cybercrime groups: last year, victims paid over $1 billion to these groups and their affiliates, a record figure.
This work ultimately supported the following outcomes:
- Trend’s delivery of protection in advance against LockBit-NG-Dev for its customers.
- The neutralization of a potentially prolific strain of ransomware—preventing its use in future enterprises these actors may look to run.
- A law enforcement operation that will hopefully see the end of LockBit as we know it and sets a new benchmark for international collaboration across law enforcement and private partners.
While LockBit was, without doubt, the largest and most impactful ransomware operation globally, this disruption makes it very clear that all criminal affiliates should strongly reconsider any involvement with them in the future, and that in partnering with this organization, these associates have put themselves at increased risk of law enforcement action.