Global Law Enforcers Seek Trend Micro's Help in Taking Down Top Ransomware Threat Group LockBit

Trend helps shield the world from an unreleased ransomware attack and delivers advanced protection to customers

SYDNEY, February 23, 2024 Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed its critical role in helping global law enforcement partners disrupt mega-ransomware group LockBit, and kill the viability of its long-term malware plans. Through undercover infiltration, Trend helped prevent the release of the group’s next malware products and automatically installed protection for Trend Micro customers, even before the group themselves had finished testing.

Robert McArdle, a leader in Trend Micro’s cybercrime research team and collaborator with the Federal Bureau of Investigation (FBI) and National Crime Agency (NCA), said: “We are honoured that our threat intelligence is uniquely valuable to global law enforcement in the shared mission to make the world safer.”

This group was responsible for about 25 percent* of all ransomware leaks in 2023 and caused billions of dollars in losses for thousands of global victims over the past four years.

McArdle continued, “Last week Trend secured global Microsoft users from a critical vulnerability and this week we were a part of dethroning the most critical threat actor group in the world. Now, insiders aren’t naïve enough to assume this will eliminate the crime group, but we know that no sane criminal would want to be involved with this group again.”

Details from behind the scenes are unfolding and include cryptocurrency seizure, arrests, indictments, imposing sanctions and additional technical support for victims. The operation took over LockBit’s leak site, disclosing information and personal identities of group members and details of their previous works. These actions essentially make the group unwelcome and untrusted in the cybercrime world—and therefore unviable as an underground business.

Ransomware is one of the most serious cyber threats facing organisations today, known for disrupting schools, hospitals, governments, and businesses and imperilling critical national infrastructure. It does all of this while lining the pockets of a few small cybercrime groups: last year, victims paid over $1 billion to these groups and their affiliates, a record figure.

This work ultimately supported the following outcomes:

While LockBit was, without doubt, the largest and most impactful Ransomware operation globally, this disruption makes it very clear that all criminal affiliates should strongly reconsider any involvement with them in the future and that in partnering with this organisation, these associates have put themselves at increased risk of law enforcement action.

This blog covers findings from Trend’s analysis of the next version of LockBit ransomware malware:

*Based on Trend Micro analysis and tracking of ransomware leak sites, LockBit accounted for approximately 25 percent of all ransomware leaks in 2023.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defence techniques optimised for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organisations to simplify and secure their connected world.

Media Contact:
Meshal Malik