Concept art representing cybersecurity principles

In February 2024, Operation Cronos, a coalition of international law enforcement agencies led by the UK’s National Crime Agency and the U.S. FBI, seized control of the attack infrastructure of the infamous Lockbit ransomware gang, deemed the world’s ‘most harmful cyber group.’ A sigh of relief echoed across the infosec community, with many believing this marked the end of an ongoing nightmare. However, reality proved different: less than a week later, the ransomware-as-a-service operator was back online with a new leak site, listing five victims and countdown timers for the publications of the stolen information.

This resurgence is not atypical. These threat groups are increasingly deploying an advanced attack infrastructure and comprehensive backups that allow them to return to operations. I will set out three recent examples that demonstrate the resilience of these groups to law enforcement interventions.

Paolo Passeri

Cyber Intelligence Principal, Netskope.

Lockbit’s resilience