Is the LockBit takedown really a victory for law enforcement


The takedown of the LockBit servers and website is undoubtably a great success for law enforcement. While this disruption has been one of the most high-profile, it is a tactic police forces have been using for years. However, past examples have shown how groups can quickly regroup following these disruptions. For example, last year Arctic Wolf identified how the new ransomware group Akira had risen from the fallout of the Conti ransomware in 2022. Given the dispersed nature of LockBit, it is also likely threat actors that aren’t involved in any follow-up arrests will still make use of the existing infrastructure not affected by this activity.

While the initial disruption is likely to be short-lived, the takedown also serves other purposes. For example, recent Arctic Wolf research found the average cost of ransomware payments had increased by 20%, which in the past firms may have been willing to pay to recover data. Now, current victims could recover their data from the servers seized by the FBI, and new victims of ransomware may feel more empowered to refuse demands from criminals. The operation also serves as a warning to other criminals that their actions have consequences, and acts as a deterrent to other threat actors tempted to join a big group.