Let me say this upfront (in a likely long run-on sentence): The takedown of the ransomware group Lockbit’s infrastructure, the arrest of two members, the sanctions against other members in Russia, and the trolling of the group by the law enforcement coalition that conducted the operation were all impressive; it was a great success for the law enforcement investigators who did the leg work, and it created a fantastic anti-criminal dopamine hit for everyone who paid attention to it. Heck, I talked about it every day on my Cyber Smart Morning News update podcast this week. BUT, this too shall pass.
I am REALLY not trying to throw cold water on the hard work done by all involved, or on the week-long trolling (which is pretty awesome, frankly), but this is largely analogous to the Feds taking down part of the Mafia in New York in the 80s, or to a huge cocaine bust on the border. Despite the success, the temporary positive news cycle, and justice being handed out, the issue at hand, in this case ransomware, has not been stopped. So let’s not miss the forest for the trees here.
I say this not to discount the efforts to disrupt Lockbit, but to take a dispassionate look at what the future of ransomware is likely to look like, at least in the short term:
Lockbit’s infrastructure may be lost to them, but redundant infrastructure likely remains in place. They will move it to servers and services that are more difficult to target. The group will also likely disband, reorganize, and rebrand.
Other ransomware groups will gather as much intelligence as they can from the indictments (which will be made public and will describe some of the law enforcement methods used) and alter their tactics, techniques, and procedures (TTPs) to avoid a similar fate.
Ransomware incidents will decrease for a limited time while groups reassess their operational security and attempt to harden their own resources, infrastructure, communication methods, and blockchain addresses.
Lastly (and most troubling), future victims may feel a short-term sense of safety, believing the ransomware problem has been solved, and lower their own defenses and operational security.
So keeping this in mind, it is important to remember that the ransomware threat is still massive, ransomware groups will continue to refine their tools, and more victims are forthcoming.
All organizations, whether SMBs, large enterprises, schools, municipalities, hospitals, or anyone else, need to stay vigilant, continue to educate employees about cyber threats and risks, keep a strong patch management strategy, review intelligence that identifies new threat actor TTPs, and know that this is not the end of the ransomware problem. If anything, ransomware actors will double down on their efforts to show that this was little more than a blip on the radar.
So, let’s remember to 1) Understand the Threats targeting you, 2) Assess your risk, and 3) Proceed wisely online.
#knowledgeisprotection