Where have all the cyber bad guys gone?
Not a day goes by that cybersecurity is not front and centre in our office, whether dealing with clients or battling a ransomware attack or cyberattack.
Here in Ireland we would be familiar with Conti. Last year they had 60 operatives and made over $160 million. Ransomware attacks continue to happen, but a new group, LockBit, have been extremely busy and in the first week of January they have claimed to have successfully compromised 40 major organisations, from a private school to a dental group. They now hold the position as the biggest players in the market.
LockBit has captured the largest number of victims among the thirteen leading ransomware groups, and it is estimated by security analysts that it is responsible for 25% of all known attacks in 2022.
Closer to home, the group attacked the UK’s Royal Mail, which has certainly been its biggest target to date, knocking out the UK’s critical infrastructure and leaving Royal Mail unable to send mail outside the UK. The week-long upset came hot on the heels of eighteen days of strikes during a five-month period, pressurising the Royal Mail to sort out the problem of ransomware.
Many security researchers believe LockBit is the most professional, most sleek and efficient gang in the world.
In a recent posting on the Dark Web, an anonymous post read “Guys, you can calm down.” The post revealed it was from a LockBit affiliate. The hackers have already been described as having ten top elite members, specialising in decrypting, deleting and disposing of stolen data after capturing the ransom payment.
The founding fathers of the group have taken advantage of the break-up of rival gangs to corner the market. One of their marketing gimmicks is to offer $1,000 if people are willing to have a tattoo of the group’s name.
Many believe the war in Ukraine was responsible for the break-up of the Conti hackers group, according to a Ukrainian insider who fell out with the group over its policies. During this time, founding fathers of the group stepped in to identify the network of targets.
Industry sources relying on real-time threat intelligence tell us that LockBit is believed to have originated in Russia and neighbouring countries, relying on the ‘turn a blind eye’ approach to investigation, extradition, etc. The FBI estimate LockBit has made over $100 million.
In our experience, successful ransomware attacks are rarely publicised, so it will be interesting to see if the Royal Mail pays the ransom. If not, the ongoing disruption will continue.