Bit defenders

This week international members of law enforcement patted themselves on the back for slaying the proverbial dragon of LockBit, but in reality, it’s just one head of the Hydra.

I don’t mean to lessen or downplay that accomplishment either. This has been a serious blow to global cybercriminal activity and a victory against destabilizing actions taken by politically aligned criminal organizations (because let’s not pretend the ransomware gangs are largely state sponsored). However, I can’t help but think this is going to be an incredibly short-lived success.

Don’t believe me? ALPHV, aka BlackCat is still out there causing a ruckus attacking everything from governments to entertainment companies. There’s also Cl0p, responsible for the MOVEit data breach, one of the largest and most audacious acts of data exfiltration to date, and the group is projected to earn anywhere from $75 to $100 million for that attack.

If you read the excerpt from Jim McGann in our article on the incident, you’ll find his sentiments pretty closely mirror mine, and that is “A” for effort, but this rodeo isn’t over yet. I think what you’re going to want to do now is look at how much of a tangible effect this will have in the coming year. Ransomware victims paid over $1.1 billion dollars in 2023. Will this year be better, will this enforcement action manage to put a dent into that statistic?

If the answer to that is no, and that number soars even higher, then we’re going to need a new approach to fix the problem. As long as China and Russia are footing the bill for cybercriminals the masterminds of these groups will remain outside of the law’s ability to prosecute. Is artificial intelligence (AI) the answer? Do we need to redouble our enforcement efforts?

Maybe it’s time to put all our money to work and give them a better deal.