2021 has proven to be busy for law enforcement operations already, taking down numerous high-profile dark web marketplaces and forums including Dark Market (500k users, 2.4k sellers, transactions ~ €140 million), Emotet, Netwalker, and Egregor, with some even producing arrests of site operators. Digital Shadows’ new report, “Cybercriminal law enforcement crackdowns in 2021,” highlights the impact that these takedowns have had to date.
The report focuses, in part, on Emotet, the ransomware group which saw several members arrested earlier this year and has been offline since February. Digital Shadows attributes the lasting takedown to a combination of technical and organizational disruption. Law enforcement officials (LEOs) targeted Emotet’s infrastructure from the inside, redirecting traffic to a LEO-controlled infrastructure that enabled a mass-uninstall, wiping out the entire botnet almost immediately, combining this effort with the arrests of several key technical operators involved with the group. Emotet has since been offline for almost a month (compared to Trickbot, which involved no arrests, and recovered from a technical attack with minimal delay).
Despite the actions of law enforcement, ransomware attacks are still up and are projected to stay on that trajectory this year. And in the absence or recession of major players like Emotet, DarkMarket, or Egregor, others are stepping forward to take their place, often learning from the mistakes of their predecessors.
In 2021, Digital Shadows experts say we can expect malware and ransomware to continue to represent increasing threats, and that disrupted operators from groups busted by international law enforcement will return with new strategies.
Lawn enforcement must "must build on the momentum gained during 2021 to sow discord and distrust throughout the cybercriminal community," says Digital Shadows.
To read the full report, please visit https://www.digitalshadows.com/blog-and-research/cybercriminal-law-enforcement-crackdowns-in-2021/