TREND MICRO Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, revealed its critical role in helping global law enforcement partners disrupt mega-ransomware group LockBit, and kill the viability of its long-term malware plans. Through undercover infiltration, Trend helped prevent the release of the group’s next malware products and automatically installed protection for Trend Micro customers, even before the group themselves had finished testing.

Robert McArdle, a leader in Trend Micro’s cybercrime research team and collaborator with the Federal Bureau of Investigation (FBI) and National Crime Agency (NCA), said: “We are honored that our threat intelligence is uniquely valuable to global law enforcement in the shared mission to make the world safer.”

This group was responsible for about 25 percent* of all ransomware leaks in 2023 and caused billions of dollars in losses for thousands of global victims over the past four years.

McArdle continued, “Last week Trend secured global Microsoft users from a critical vulnerability and this week we were a part of dethroning the most critical threat actor group in the world. Now, insiders aren’t naïve enough to assume this will eliminate the crime group, but we know that no sane criminal would want to be involved with this group again.”

Details from behind the scenes are unfolding and include cryptocurrency seizure, arrests, indictments, imposing sanctions and additional technical support for victims. The operation took over LockBit’s leak site, disclosing information and personal identities of group members and details of their previous works. These actions essentially make the group unwelcome and untrusted in the cybercrime world—and therefore unviable as an underground business.

Ransomware is one of the most serious cyber threats facing organizations today, known for disrupting schools, hospitals, governments, and businesses and imperiling critical national infrastructure. It does all of this while lining the pockets of a few small cybercrime groups: last year, victims paid over $1 billion to these groups and their affiliates, a record figure.

This work ultimately supported the following outcomes:
While LockBit was, without doubt, the largest and most impactful Ransomware operation globally, this disruption makes it very clear that all criminal affiliates should strongly reconsider any involvement with them in the future and that in partnering with this organization, these associates have put themselves at increased risk of law enforcement action.

An upcoming blog will cover findings from Trend’s analysis of the next version of LockBit ransomware malware will be issued Thursday by NCA and will be made available here:

* Based on Trend Micro analysis and tracking of ransomware leak sites, LockBit accounted for approximately 25 percent of all ransomware leaks in 2023.