Cybersecurity News in Asia

Features
- Featured
  
  Editor's pick: Cybersecurity trends in 2026
  
  Wednesday, January 7, 2026, 10:36 AM Asia/Singapore | Cyberthreat Landscape, Features
- Featured
  
  Exploding identity fraud and deepfakes challenge manual oversight of autonomous AI
  
  Tuesday, December 30, 2025, 9:27 AM Asia/Singapore | Features, Newsletter
- Featured
  
  Amid rapid digitalization and lagging cybersecurity oversight, India buckles up
  
  Monday, December 22, 2025, 4:50 AM Asia/Singapore | Features
Opinions
Tips
Whitepapers
Awards 2025
Directory
E-Learning

LockBit, disrupted… !?

By CybersecAsia editors | Friday, February 23, 2024, 10:02 AM Asia/Singapore

At least for the time-being, as a tripartite crackdown takes down the ransomware group’s infrastructure and arrests some of its members.

Recently, global law enforcement agencies announced a major victory in relation to the highly prolific ransomware group LockBit. The latter’s web infrastructure was successfully taken down, and two of its members were arrested, while two others were charged for serious crimes.

Since 2020, LockBit has been among the top 10 most reported ransomware infections. With the demise of Conti in early 2022, LockBit had vaulted to the top of the charts.

According to Chester Wisniewski, Director, Global Field CTO, Sophos, a firm that been tracking the evolution of LockBit over the past four-and-a-half years, the decentralized nature of ransomware groups makes them particularly difficult to track down. However, on 19 Feb 2024, “the work of the UK’s National Crime Agency and their international partners (the US and the EU) has delivered a severe blow to the world’s most prolific criminal ransomware syndicate. This is the most insight we have gained into how these groups operate since Conti’s implosion in May of 2022.”

Importantly, the law enforcement agencies involved have acquired access to the encryption keys used to hold LockBit victims’ files hostage, and will hence in efforts to recover stolen files. “Hopefully this will expedite recovery and lessen the impact for LockBit’s targets. It was also disclosed that for that paid ransom(s), their data was not in fact deleted by the criminals, which sadly should come as no surprise,” noted Wisniewski.

However, as has happened so often with other threat groups, will LockBit make a comeback in one form or another? Wisniewski said that, although much of LockBit’s infrastructure is still online, he does not expect the group to make a triumphant return: “These groups continually rebrand and regroup under different banners … and take on name identities to evade sanctions. It’s probably fair to say goodbye for now, but just like other groups before them, those who are not apprehended are likely to continue their crime spree. We must remain vigilant and not let our guard down.”