Operation Cronos: How hitting LockBit group changed the rules of the cybercrime game


Operation Cronos and the LockBit Group – Trend Micro Analysis

The latest study conducted by Trend Micro after a recent hiatus in the activities of the LockBit group, caused by law enforcement actions, has revealed a significant impact of these actions on the functioning of this organized criminal group.

Effects of Operation Cronos

Operation Cronos was carried out to weaken the technical infrastructure of LockBit and provide a decryption tool, enabling victims to recover encrypted files without paying a ransom. According to Trend Micro’s analysis, the law enforcement actions aimed at compromising the reputation and trust of the group had a significant effect on the ransomware-as-a-service model operated by the LockBit group.

Decrease in LockBit Infections

Following Operation Cronos, a significant decrease in LockBit infections was observed. Despite attempts to continue operations by the group, researchers noted that almost two-thirds of the victims listed on the data leak site had returned from attacks prior to the hiatus, indicating a weakening of the group and a shift in how its credibility is perceived.

Impact of the Operation on the Brand

Operation Cronos also affected the image and reputation of LockBit, exposing the group’s internal mechanisms, victim data, and partner identities. The consequence of these actions may include deterring potentially valuable partners and facing challenges in resuming operations after such a decisive blow from law enforcement agencies.

Effects of the Operation

Operation Cronos included the closure of 34 servers in different countries, freezing 200 cryptocurrency accounts, the arrest of two individuals in Poland and Ukraine, and the issuance of three international arrest warrants by French and American authorities, indicating the scope and scale of the operations.

Research Findings

Trend Micro’s research highlights the significant role of effective cooperation between law enforcement agencies, industry partners, and the necessity for patience in actions against criminal groups. Such coordination can contribute to a more effective fight against cybercrime in the future.