The Billion Dollar Cost of Cybercrime: Lessons from the LockBit Takedown

By James Rees, MD, Razorthorn Security

The recent LockBit group take down has shown the world at large the cost of cybercrime. Initially it was reported that just over $100 million had been gathered through the nefarious acts of this particular group but, as I suspected, that initial figure was just a drop in the ocean. It turns out that the real figure was in excess of $1 billion dollars over the last four years, and I still suspect this may be more.

Cybercrime has been rife for years now, and with criminal organisations around the world able to profit exponentially more through cybercrime than more traditional criminal activities, it was bound to become popular. This has led to a huge explosion of incidents all around the world and significant debate from all areas of the business world as to what this means for the future. The World Economic Forum themselves, in their most recent report, state that cybercrime is one of the top ten risks to the world at large, from large businesses through to the common folk. Cybercrime is fast becoming the number one criminal threat to the world’s economies.

LockBit & Ransomware-as-a-Service (RaaS)

The LockBit group is just one of many such criminal organisations operating in the cyberspace, and the way they were operating is a stark reminder of the sophistication and scale at which these cybercriminals work. They used a ransomware variant (known as LockBit) to hack into corporate networks, encrypt data and then demand a ransom in cryptocurrency for its release. They operated in what is known as Ransomware-as-a-Service (RaaS) model. In this model, ransomware developers offer their malware to other criminals who then launch attacks on their targets. The developers earn a commission on each successful extortion. This business model has led to an explosion in the number of ransomware attacks worldwide.

However, even beyond ransomware, there has been an increase in various other forms of cybercrime, such as identity theft, financial frauds, DDoS attacks and more. As more people increasingly live their lives online – from shopping to banking to socialising – it has created numerous opportunities for cybercriminals to exploit.

The Driving Forces Behind Cybercrime

 There are several reasons for this explosion of cybercrime:

• The anonymity that the internet provides: Cybercriminals can operate from anywhere in the world without revealing their true identities.
• The low barrier to entry: With readily available tools and software, anyone with basic computer skills can become a cybercriminal. 
• The high returns: Cybercrime can be extraordinarily profitable with relatively low risk compared to traditional crimes.

Cybercrime has gone from being run in small groups to much larger groups, backed up by a huge shadow economy of cybercrime organisations that provide tooling, support and advisories in a similar way to the way cybersecurity consultancies provide services to the legitimate business world. And you know what? These organisations are better funded, in some cases better organised and highly adaptable in the way they operate – ways that conventional companies cannot compete with.

We have to remember that cyber criminals follow the money, they attack companies they know have critical systems and are more likely to pay: why hit a small insurance firm when you can hit a manufacturing company providing parts to Operational Technology (OT) organisations. Similarly, we have seen a huge rise in attacks against US based health institutions recently because the cyber criminals know they are likely to pay out, quickly and efficiently. They don’t want to spend time negotiating, they want to grab what they can and move on… after all, time is money, be it legitimate business or cybercrime.

A Dangerous Future: The Escalating Threat

All in all, we are facing a very dangerous future. Cybercrime will continue to rise. With ever more political conflict erupting in the world, cyber warfare attacks will also become more frequent, funded by governments paying these same cybercrime groups to target industries in what their patrons deem as ‘enemy countries’. This seems like fantasy, but I assure you it is not. It has happened historically in many places, even before the internet. Why should it not be the case in the digital world?

As I have stated many times before, this is why we need to carefully return to our defence in depth, our security strategies, our intelligence gathering to continuously update our defences. We need to include things like continuous penetration testing, security baselining, assessments of security on a regular basis and real, meaningful budgets so we can protect our economies and critical infrastructure from this insidious pattern of ever escalating cyber security threat.

We cannot afford not to.