"How LockBitSupp Charges Impact the Future of Ransomware Investigations
At RSA Conference 2024, Allan Liska of Recorded Future shared insights on evolving ransomware tactics and the significant law enforcement victory of exposing the leader behind the notorious LockBit ransomware group.
The U.S. Department of Justice recently identified Dmitry Yuryevich Khoroshev, aka "LockBitSupp," as the ringleader of the LockBit gang, issuing sanctions against him and launching coordinated actions with law enforcement in the U.S., U.K., and Australia. Despite previous attempts to dismantle LockBit, the group has remained active, and the recent crackdown emphasizes a new, ongoing strategy: making ransomware criminals aware that, although they may be out of reach in certain countries, global intelligence agencies are relentlessly pursuing them.
Liska believes the public unveiling of Khoroshev’s details is part of a broader effort to disrupt ransomware gangs’ operations by limiting their access to funds. Sanctions, Liska explains, can prevent perpetrators from receiving payments, a crucial tactic to weaken their business model.
The interview also touches on the broader ransomware landscape, noting the increasing sophistication of attacks, including the rise of data extortion and evolving techniques for bypassing endpoint detection. Liska advocates a more proactive defense, urging companies to monitor for suspicious PowerShell scripts and to ensure their EDR systems are functioning correctly, since ransomware often disables them early in the attack.
As the ransomware threat persists, Liska sees a shift towards newer groups like Rhysida and Akira, with the possibility of fresh players rising to prominence. He warns that while recent victories against LockBit are significant, the battle is far from over.
Source: What LockBitSupp charges mean for ransomware investigations | TechTarget