In the world of cybercrime, gangs are demonstrating resilience and adapting to law enforcement operations that have dealt significant blows to their activities, according to experts. International police efforts earlier this year targeted prominent cybercriminal groups, including LockBit, known for developing malicious software used in ransomware attacks.

LockBit, a loosely connected network of predominantly Russian-speaking criminals, was responsible for creating software that enabled criminals to lock victims out of their networks, steal sensitive data, and demand ransom payments for its return. The use of LockBit and similar software resulted in widespread disruption of governments, businesses, and public services, with victims paying millions of dollars in untraceable cryptocurrencies as ransom.

The dismantling of LockBit and the subsequent takedown of another network of malicious bots in May significantly disrupted the ransomware landscape. Nicolas Raiga-Clemenceau from XMCO consultancy in France described it as a "cleaning up" of the ransomware scene, although he highlighted the emergence of several new groups since then that are beginning to organize themselves.

Allan Liska, an expert from US cybersecurity firm Recorded Future, expressed concern about the potential emergence of new trends among these newer gangs. He suggested that some of them may resort to threats of physical violence instead of online intimidation. Liska emphasized that since many gangs have already obtained personal information, such as the addresses of senior executives, they could use this information as leverage during negotiations. This tactic, termed "violence as a service," raises the stakes in an already high-stakes criminal landscape.

While experts are still assessing the impact of these new developments, they note that an unusually large number of new groups, approximately a dozen, have emerged since the takedown of LockBit. These groups have launched extortion websites that list their victims, but it remains uncertain how effective they will be in their endeavors.

LockBit, which law enforcement authorities managed to dismantle in February, had affected over 2,000 victims and raked in more than $120 million in ransom payments over its four-year tenure. High-profile targets included the UK's Royal Mail postal service, US aircraft manufacturer Boeing, and a children's hospital in Canada. While law enforcement has recovered hundreds of encryption keys and taken control of LockBit's operations, the software itself continues to pose a threat. Just last month, a gang used LockBit to attack a government data center in Indonesia, demanding a ransom of $8 million.

Experts interviewed by AFP anticipate that ransomware attacks will rebound swiftly, potentially in the coming months. Liska highlighted that the profitability of ransomware attacks motivates criminals to persist despite law enforcement actions. He summed up the situation by stating, "Right now, there's just so much money in ransomware that people don't want to stop."

As cybercrime gangs regroup and adapt their tactics, law enforcement agencies face an ongoing battle to combat their activities and safeguard individuals, businesses, and public institutions against the escalating threat of ransomware attacks.