Cybercrime gangs are seeking to regain momentum in their operations by employing new tactics after police campaigns worldwide this year significantly reduced their activities, experts warn.
LockBit Gang
This year has been tough for these gangs, with law enforcement agencies managing to dismantle several prominent groups, including “LockBit,” a vast network of cybercriminals primarily from Russian-speaking countries.
Members of the LockBit network were the main developers of malware that enabled cybercriminals to lock victims out of their networks, steal their data, and demand ransom for its return.
Ransomware attacks using LockBit and other malware have caused significant disruption to governments, companies, and public services such as hospitals.
To regain access to their data, victims have paid hundreds of millions of dollars to the gangs, often in untraceable cryptocurrencies.
Nicolas Riga Clemento of the French consulting firm XMCO stated that the dismantling of LockBit in February and another botnet network in May led to a “cleansing” of the ransomware landscape. However, he noted that “new groups” have since emerged and are beginning to organise themselves.
Alain Liska of the American cybersecurity firm Recorded Future echoed these concerns, highlighting worrisome trends among some of the new groups.
Extortion Sites
Liska mentioned that some new gangs seem to be considering physical violence threats in addition to online intimidation. He pointed out that the gangs might have stolen a collection of personal information, including addresses of senior executives.
“So, if you don’t get anywhere in your negotiations, it gives you material to use for threats,” Liska explained, adding, “We might do something in the real world to harm you or your family.”
Liska and other experts are still assessing the new landscape, noting that several new groups have surfaced. He estimated that around 12 new groups have appeared since the crackdown on LockBit, a higher number than typically recorded in such a short period.
These new groups have all launched extortion sites listing victims’ names, though their effectiveness remains unclear.
Renewed Activity
Law enforcement agencies halted LockBit’s operations in February. The gang had targeted more than 2,000 victims and collected over $120 million in ransoms since its formation four years ago, according to US authorities.
Victims of these operations include the UK’s Royal Mail, American aircraft manufacturer Boeing, and a Canadian children’s hospital.
Moreover, US authorities revealed that they had recovered hundreds of encryption keys and returned them to the victims.
However, the technical capabilities of the malware creators still exist. In June 2024, the gang attacked a government data centre in Indonesia using LockBit, demanding an $8 million ransom.
Experts agree that ransomware attacks are likely to rebound quickly, possibly within the next few months. “These malicious actors will see a resurgence in their activities,” Liska stated. “Right now, there is a lot of money being made from ransomware that people don’t want to stop.”
