Fraud Management & Cybercrime , Geo Focus: The United Kingdom , Geo-Specific
Operation Cronos Is Disrupting LockBit, Says UK Official
Impact Is "What We Would Have Hoped For," Says NCSC CTO Ollie WhitehouseA British cybersecurity official touted an international operation against LockBit, saying multiple strikes aimed at the ransomware-as-a-service have disrupted its ability to recruit hackers.
See Also: Demostración Del Producto: Backup Y Recuperación De VM
Law enforcement agencies from the United Kingdom, United States, France and Spain - participating in LockBit campaign dubbed operation Cronos - earlier this month announced further indictments, sanctions and server takedowns. An initial effort in February resulted in the seizure of 35 LockBit servers, including the group's then-dark web leak (see: LockBit and Evil Corp Targeted in Anti-Ransomware Crackdown).
The U.K. National Crime Agency, along with the National Cyber Security Center, obtained 2,500 decryption keys, as well as a list of all LockBit affiliate usernames and Bitcoin addresses linked to victim payments.
Speaking to Information Security Media Group, NCSC CTO Ollie Whitehouse said Wednesday the operation has fragmented LockBit's ransomware affiliate model.
"We have observed the operation has caused a degree of disruption, it's caused a fracturing between the affiliates and the kind of the affiliate model in that instance. So we would consider the impact to be what we would have hoped for," Whitehouse said.
As part of a wider crackdown on the ransomware ecosystem, the U.K. government also sanctioned 16 individuals who were part of the defunct ransomware group Evil Corp that worked as a Russian state proxy (see: Evil Corp Protected by Ex-Senior FSB Official, Police Say).
Ransomware nonetheless continues to pose "material risk" to "wider U.K. society," said Whitehouse, who is responsible for shaping and delivering the U.K.'s national approach to cybersecurity within the NCSC.
A recent high-profile incident includes a June ransomware attack on a U.K. National Health Service IT vendor that led to blood shortage across U.K. hospitals. It delayed nearly 6,199 acute outpatients and 1,491 elective procedures (see: NHS Ransomware Hack: 1,500 Medical Appointments Rescheduled).
The U.K. government has been following a two-step strategy to tackle ransomware and other cyberthreats to the country: protecting the country's critical systems from advanced actors and prioritizing security improvements, Whitehouse said.
"So we have those two lenses: the most sophisticated against the most critical. And then, how do we protect everyone else, against those who go after anyone and cause harm?" Whitehouse said.
A key step for the government has been to build cyber resilience through secure-by-design policies, Whitehouse added. A draft codes of practice released by the U.K. Department for Science, Innovation, and Technology in August intends to reduce disruptive cyberattacks stemming from vulnerable third-party software (see: UK Software Security Code of Practice Earns Mixed Reviews).
Although the lack of market incentives remains a challenge for wider adoption of such security-by-design by vendors, Whitehouse said.
"At the moment, we are exploring how the codes of practice can be written into software purchasing and other procurement process," Whitehouse said.
The government intends in March to put forward its Cyber Security and Resilience bill, legislation that would make patching flaws and reporting ransomware incidents mandatory (see: UK Labour Introduces Cyber Security and Resilience Bill).