How will global taskforce’s blow to LockBit Ransomware gang impact Indian enterprises

Last week, an inter-nation taskforce of law enforcement agencies disrupted the operation of ransomware group LockBit in the US and UK. Called Operation Cronos, the taskforce was headed by UK's National Crime Agency, and supported by US’ Federal Bureau of Investigations and agencies from Canada, Australia, Japan, and several other European Union (EU) members. 

Operation Cronos was a month-long effort which ultimately led to the arrest of two LockBit actors along with issuance of three international arrest warrants and five indictments by the French and US judicial authorities. Further, 34 servers in the US, UK, Netherlands, among others were taken down and more than 200 cryptocurrency accounts linked to LockBit were frozen, European law enforcement agency Europol said in a blog.

To be sure, LockBit said on Sunday that it is re-launching its ransomware operation on a new infrastructure. Downplaying the disruption by the enforcement authorities, LockBit published a lengthy blog, saying that “personal negligence and irresponsibility” led to disruption in its activity. The gang also claimed that it lost only the servers running PHP, while the others remained untouched. As per Bleeping Computers’ report, LockBit aims to now ‘focus more of their attacks on the government sector’.

What is in for Indian enterprises?

One of the most prolific and infamous ransomware gangs globally, LockBit, to date has attacked several organisations and institutions such as chipmaker TSMC, UK’s Royal Mail, broker firm Motilal Oswal Financial Services (MOFSL), and the National Aerospace Laboratories (NAL) in India. It operates on a ransomware-as-a-service (RaaS) model, which is seeking extorting ransom in exchange for stolen documents, data, and other critical information.

As per data compiled by cybersecurity solutions provider Check Point, in 2023, India had the highest victim of LockBit ransomware attacks in the APAC region. Globally, countries like the US, UK, France, Germany, and Canada were found to be most impacted. 

“The boom in the volume of digital data being stored, processed and shared across and between businesses in India presents attackers, such as Lockbit, with an attractive opportunity,” Philippa Cogswell, Managing Partner, JAPAC, Palo Alto Networks Unit 42 told TechCircle. 

“Lockbit is well-funded and recruits numerous affiliates to conduct ransomware attacks, each of which will have and evolve their own methodologies over time,” she said

Criminals will now begin to shift from large RaaS service providers like LockBit to form smaller and discreet group, predicts Andy Thompson, Global Research Evangelist at CyberArk. “While compensating for the reduced number of victims, these smaller groups will be demanding considerably larger ransoms,” he said.

Ransomware landscape in India

According to a report by Check Point released in August 2023, organisations in India experienced an average of 2,152 attacks in the first half of 2023, marking a 20% year-on-year rise. In this period, 48 ransomware groups were identified, with Lockbit3 emerging as the most prominent ransomware variant. The misuse of artificial intelligence (AI) has intensified, with generative AI tools being employed to create phishing emails, keystroke monitoring malware, and rudimentary ransomware code, underscoring the need for more stringent regulatory frameworks.

“These attacks lead to significant financial damage, encryption of data, and business disruption, which highlight the imperative of having strong cybersecurity measures. Factors such as India's fast digitalisation, vulnerabilities to security gaps arising from low cyber awareness, and the far-reaching consequences, including disruptions to vital infrastructure and national security risks pose a threat,” said Ritesh Chopra, India Director, Norton.
 
“The major sectors hit include information technology, finance and manufacturing with a couple of known ransomware families such as Lockbit and Hive, focusing on the large enterprises,” he said.

This challenge necessitates continuous investments in cybersecurity, cyber awareness raising, strengthening of defence infrastructure, and the development of holistic incident response plans to secure the digital landscape of India, he added.