Trend Micro, a global cybersecurity leader, has made public the details of the threat intelligence activity with which it supported law enforcement agencies against the LockBit ransomware group. The action, known as “Operation Cronos”, targeted the cybercriminal group responsible for a quarter of all ransomware attacks globally and represents a key step forward in the fight against cyber threats. Details are available in the report “Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption.”
The Cronos operation stands out from all the others because it was not just a simple setback for the Lockbit group, but it was a decisive attack that allowed it to paralyze the infrastructure, weaken the financial mechanisms, reveal the affiliates and question trust within criminal networks. The planned counterattack on the group ruined LockBit’s reputation in the cybercrime underground, frustrating its reorganization efforts. The “Lockbitsupp” gang leader has been banned from two popular underground forums, XSS and Exploit.
The group has attempted to reconstruct the New Onion leak sites, which launched a week after the operation, and Lockbitsupp is actively seeking intermediaries to purchase .gov, .edu, and .org top-level domains, in what appears to be a retaliation for Operation Cronos. In any case, their efforts brought no results. Trend telemetry reveals very few successful cyberattacks after law enforcement blocking, and the vast majority come from previous campaigns or other cybercriminal groups like ALPHV.
The group has developed a new version of the ransomware, Lockbit-NG-Dev, which Trend has already monitored, providing enhanced protections to customers.
These are the main results of Operation Cronos:
• Damage to LockBit’s reputation: With its reputation ruined, LockBit faces major challenges in rebuilding operations and contacts
• Strategic infrastructure destruction: The depth of the operation made the process of rebuilding LockBit difficult and time-consuming, delaying any potential recovery
• Effective Deterrence: Details of affiliate activities and subsequent warnings likely dismantled all of LockBit’s affiliate programs, further weakening their operational capacity
• Even more security for companies: Trend customers benefit from the outcome of the operation and from the lower risk of being targeted by an important protagonist of the ransomware scenario
The results of this operation demonstrate Trend’s continued pursuit of anticipating cyber threats and protecting organizations around the world from the ever-evolving dangers of the cyber landscape. The best way to combat common adversaries is certainly to continue sharing intelligence data quickly and efficiently.