Dina Temple-Raston
From Recorded Future News and PRX, this is Click Here. It feels like 2025 may be a really good year for cyber.
Alexander Leslie
I am cautiously optimistic that we will all be a little bit safer and a little bit more secure.
Dina Temple-Raston
Wow. An optimistic foreign from Recorded Future News. I'm Dina Temple-Raston, and this is Click Here's Mic Drop, an extended cut of an interview that we think you might want to hear a little more of. And today we want to talk about how 2024 provided the first indication that law enforcement was starting to get its arms around the problem of ransomware. And the first glimmer of hope came in February when law enforcement in the US and UK took aim at a group called Lockbit.
Unknown
The FBI says it infiltrated one of the world's most prolific hacker gangs and shut down its site on the Dark Web.
Alexander Leslie
It's been a crazy year. It's shocked everyone.
Dina Temple-Raston
It turns out that was the beginning of a banner year of cybercriminal takedowns that force cybercriminals to completely restructure the way they operate. Which is why we called Alexander Leslie. He's a threat intelligence analyst at Recorded Future. Recorded Future News is an editorially independent arm of the company. And he said that 2024 was like nothing he'd ever seen before.
Alexander Leslie
Every time a new seizure comes out, everyone's like, immediately on social media, freaking out, talking about if we knew anyone, like, going back retroactively through leaks and reports and like, oh, my gosh, all of this makes sense.
Dina Temple-Raston
Now in 2025, he expects law enforcement to crack down on cybercriminals even more. Stay with us. I'm Dina Temple-Raston and this is Click Here's Mic Drop. To understand why the Lockbit takedown was so important, you have to understand that the group's specialty was something called ransomware as a service. Think of it as a one stop shop for cybercrime with a business model that's both frighteningly efficient and oddly relatable. Instead of a lone hacker cracking into some network and holding it hostage, Lockbit offered an entire ecosystem. Prepackaged ransomware kits, malware templates to help criminals negotiate ransoms. Even a dashboard that allowed someone to keep track of their victims. And then this happened. The FBI and international law enforcement agencies have arrested and indicted two Russian nationals tied to the notorious ransomware group known as Lockbit.
Alexander Leslie
So we think about, like, Lockbit being a center of power for ransomware, right? Everyone would go to Lockbit. Lockbit was the biggest affiliate program in the world.
Dina Temple-Raston
A coalition of law enforcement officials in more than 11 countries, including the UK and the US, seized Lockbit servers, grabbed its source code and vacuumed up their internal chats. And just like that, a Russian speaking cyber gang responsible for everything from stealing data from Boeing to helping hack hospitals and schools around the globe suddenly found itself on its knees. Servers seized, dark web extortion sites shuttered. Officials even grabbed the code that would allow Lockbit's victims to decrypt and recover what Lockbit had stolen. Alexander Leslie said researchers like him were shocked.
Alexander Leslie
Researchers in general are taken aback at the pace and the volume of law enforcement activity, not just by the U.S. but throughout Europe, throughout Asia, international organizations and coordinating efforts with Europol and Interpol. We've been shocked by all of this.
Dina Temple-Raston
Law enforcement even created an old fashioned wanted poster and posted it online. It had a couple of pictures of a guy they said was Lockbit's leader, someone who went by the name LockBitSupp. Officials said he was actually a Russian national named Dmitry Khoroshov. The leader of Lockbit, the world's most.
Alexander Leslie
Infamous cybercrime gang, has just been doxxed by law enforcement.
Dina Temple-Raston
We convinced LockBitSupp to talk to us shortly after that happened. And we talked to him through an encrypted app and had someone voice his replies. And he said, maybe not too surprisingly, that they had the wrong guy.
Alexander Leslie
I am very interested in how the FBI decided I was Dmitry Khoroshov. How did they find this person? Based on what facts?
Dina Temple-Raston
In one way, whether they doxed the right guy or not hardly matters. Alexander says the operation against Lockbit had an incredible knock on effect. The same way a big drug bust against a cartel might disrupt drug trafficking more generally.
Alexander Leslie
Once that is gone, once a major cartel organization like that disappears, we see this immediate destabilization in the overall number of companies worldwide that are attacked or are publicly disclosed on the dark web.
Dina Temple-Raston
And the Lockbit takedown was a warning. It seemed to be saying to any ransomware as a service operation, be careful, there's a target on your back. You guys are so big, we'll find a way in somehow. So ransomware as a service groups like Lockbit began to break up their operations into smaller, more component parts so they'd be harder to find. And takedowns when they happened wouldn't be so devastating. So is it wrong to think of it as almost like metastasis? Whereas before you had sort of a, a big tumor that you could look at and now it could be anywhere?
Alexander Leslie
I think that's a great metaphor for what we're seeing. It parallels what we're seeing because, you know, I, I hate to kind of use cancer metaphors in general, but it has spread. Right? The, what we've effectively seen is ransomware has gone through several stages of evolution.
Dina Temple-Raston
After the February takedown of Lockbit, law enforcement pivoted and started going after the ransomware supply chain. Not just the groups that wrote ransomware malware, but all the little steps in between that criminals needed to launch attacks in the first place. They cracked down on info stealers who buy and sell the credentials needed to launch an attack. They seized development on the dark web that offered the malicious code that vacuums up the data cybercriminals steal from ransom. They infiltrated forums where ransomware gang members hung out to network, recruit, and sell information.
Alexander Leslie
It's a massive web, it's a massive ecosystem. Picking apart each part of the ransomware kill chain is the most effective way to not only disrupt ransomware, but disrupt everything that surrounds it as a whole and everything connected to that, like kind of make that pincer move around ransomware to cut off ransomware from the rest of the underground. Because if it's got no way to encrypt or no way to steal data, if we, if we break off that entire kill chain, and then there's no benefit to ransomware, if it's no longer.
Dina Temple-Raston
Lucrative, which would allow law enforcement to focus on all the other kinds of crimes that cybercriminals are committing.
Alexander Leslie
The money laundering. Now we're getting into sanctions evasion. Now we're getting into defense industrial base. Now we're getting into espionage activities and terrorist financing. If we're taking down the info stealer operators, now we're getting into cyber enabled scams, physical scam centers in Southeast Asia like this stuff.
Dina Temple-Raston
It has a ripple effect.
Alexander Leslie
Yes, absolutely.
Dina Temple-Raston
Which is of course, exactly what law enforcement wants to create. Right. That is more trouble than it's worth.
Alexander Leslie
Absolutely. The risk has to outweigh the reward in some way. And if the actor knows that the forum that I got into, this is not safe. The tools that I am using are not safe. I can't launder my funds anymore. I can't even buy things with the funds I got from the ransom payment. And not to mention ransomware itself is not safe. If we can diminish how lucrative ransomware is by attacking everything around it, it defeats the purpose of ransomware.
Dina Temple-Raston
When we come back, we take a look at another part of the supply chain, the lifeblood of the cyber criminal enterprise, cryptocurrency and how the incoming Trump administration is embracing crypto like never before.
Donald Trump
The United States will be the crypto capital of the planet and the bitcoin superpower of the world, and we'll get it done.
Dina Temple-Raston
And why that may be more bad news for today's cyber criminals. Stay with us.
Dina Temple-Raston
There's one thing about cryptocurrency that just about everyone can agree on. Without it, cybercriminals would have a lot of trouble doing what they do. Just a few years ago, President-elect Donald Trump said he thought cryptocurrency was a scam to undermine the dollar.
Donald Trump
I don't like it because it's another currency competing against the dollar. I want the dollar to be the currency of the world. That's what I've always said.
Dina Temple-Raston
What a difference four years makes. Now Trump is all about crypto. He says he loves it. He even started a cryptocurrency company. And he's been filling his cabinet with people who are seen as real crypto backers. His pick for SEC chair is a Wall Street lawyer who is pro crypto. Trump's nominee for commerce secretary runs a global financial services firm called Cantor Fitzgerald, which has made no secret of wanting to embrace crypto, too. So I asked Alex if he thought this was going to give criminals more space to maneuver. And his answer surprised me.
Alexander Leslie
I think as the public and as our policymakers become more aware of cryptocurrency and not just bitcoin, digital assets as a whole. Meme coins, altcoins, NFTs, like, as this stuff expands and as people really understand this and becomes mainstream, I think it actually takes power away from the cybercriminals who have been operating behind a curtain for a long time.
Dina Temple-Raston
Alex says that a better understanding of cryptocurrency and how it works will only make it harder for crypto criminals to hide behind it.
Alexander Leslie
This puts more eyes and more pressure on the legitimate use of cryptocurrency and on organizations that are responsible for the use, misuse, regulation of cryptocurrency, like legitimate exchanges, legitimate investors, cryptocurrency analysts. This takes power away from the criminals who operate almost exclusively in cryptocurrency. Yeah.
Dina Temple-Raston
So there's sort of a Wizard of Oz vibe here, right. That once you get behind the curtain, it's not somebody who's 10 feet tall, something. Crypto is much more normal than you think.
Alexander Leslie
Absolutely. Like literally what I was trying to say was I was trying to say behind a curtain without explicitly mentioning the Wizard of Oz. I think that is how I see this situation of like, once it's demystified, it's demystified. I think threat actors in general, like public awareness, is the most important, period. Ransomware groups, scams, cryptocurrency, doesn't matter. Any form of cyber that the public knows about in any capacity changes the outlook of cyber, because cyber is effective, because it's a boogeyman.
Dina Temple-Raston
And the boogeyman will disappear once the public and policymakers focus on it and understand it and regulate it.
Alexander Leslie
And these cybercriminals who have been operating, you know, stereotypically in their basements, in the dark, away from the mainstream, introverted, that stuff is going to be completely unmasked. There's nothing more important than that.
Dina Temple-Raston
From Recorded Future News, this has been Click Here's Mic Drop. It was written and produced by Megan Dietre, Sean Powers, Erica Gaeda and me, Dina Temple-Raston. It was edited by Karen Duffin. We'll be back on Tuesday with an all new episode of Click Here. Have a great weekend.
Unknown
If you're looking for a daily guide to cybersecurity news and policy, sign up for the Cyber Daily from Recorded Future News. It serves up the day's most interesting and important cyber stories from our sister publication, The Record, and then aggregates all of the big cyber stories you might have missed from news outlets around the world. Just go to therecord.media and click on Cyber Daily to get all you need to know about the world of cybersecurity right in your inbox.
Podcast: Click Here
Host: Dina Temple-Raston
Episode: Mic Drop: The Demise of Ransomware and the Rise of Crypto
Release Date: January 3, 2025
Produced by: Recorded Future News
The episode opens with an optimistic note from Alexander Leslie, a threat intelligence analyst at Recorded Future:
"I am cautiously optimistic that we will all be a little bit safer and a little bit more secure." (00:17)
Host Dina Temple-Raston sets the stage by highlighting 2025 as a pivotal year in cybersecurity, marking significant advancements in combating ransomware threats.
Lockbit, a notorious ransomware-as-a-service (RaaS) group, has been a central figure in the cybercrime landscape. Unlike lone hackers, Lockbit operated an extensive ecosystem providing:
In February 2024, a coordinated effort by the FBI and international law enforcement agencies targeted Lockbit, resulting in:
Alexander Leslie reflects on the unprecedented nature of this operation:
"It's been a crazy year. It's shocked everyone." (01:09)
He further elaborates on the global coordination involved:
"Researchers in general are taken aback at the pace and the volume of law enforcement activity..." (04:07)
The takedown of Lockbit signaled a banner year of cybercriminal takedowns, forcing ransomware operators to restructure their operations. This disruption had a domino effect, destabilizing the broader ransomware ecosystem.
Alexander Leslie draws a parallel to dismantling a major cartel:
"Once that is gone... we see this immediate destabilization in the overall number of companies worldwide that are attacked..." (05:30)
Dina Temple-Raston highlights the tactical shift by cybercriminals post-takedown:
"Groups like Lockbit began to break up their operations into smaller, more component parts so they'd be harder to find." (05:45)
Post-Lockbit, law enforcement adopted a comprehensive strategy targeting the entire ransomware supply chain:
Alexander Leslie emphasizes the effectiveness of this approach:
"Picking apart each part of the ransomware kill chain is the most effective way to not only disrupt ransomware, but disrupt everything that surrounds it as a whole." (07:24)
This pincer move strategy aims to:
The ultimate goal is to make ransomware operations less lucrative and more risky, deterring future cybercriminal endeavors.
Cryptocurrency has been integral to cybercriminal activities, facilitating anonymous transactions and ransom payments. Dina Temple-Raston explores the transformative role cryptocurrency plays in both enabling and combating cybercrime.
A significant focus is on the Trump administration's pro-crypto stance, which marks a stark contrast to previous skepticism:
Donald Trump's Shift: Initially critical of cryptocurrency, labeling it a threat to the dollar (10:23).
"I don't like it because it's another currency competing against the dollar. I want the dollar to be the currency of the world." (10:42)
Policy Reversal: By 2025, Trump champions crypto as a strategic asset, aiming to position the U.S. as a global crypto hub.
"The United States will be the crypto capital of the planet and the bitcoin superpower of the world, and we'll get it done." (09:20)
Cabinet Appointments: Key figures with strong crypto backgrounds are appointed, signaling a robust embrace of digital currencies.
Alexander Leslie provides an insightful perspective on how this policy shift could impact cybercrime:
"I think as the public and as our policymakers become more aware of cryptocurrency... it actually takes power away from the cybercriminals who have been operating behind a curtain for a long time." (11:30)
Key points include:
Dina further captures this sentiment:
"Crypto is much more normal than you think." (12:31)
Alexander Leslie reinforces the idea that demystifying cryptocurrency diminishes its utility for illegal purposes:
"Threat actors in general, like public awareness, is the most important, period." (12:07)
The episode concludes with a hopeful outlook on the future of cybersecurity:
Dina Temple-Raston encapsulates the essence of the episode:
"The boogeyman will disappear once the public and policymakers focus on it and understand it and regulate it." (13:22)
As ransomware evolves and cyber threats adapt, the combined efforts of law enforcement, policymakers, and the public are pivotal in shaping a secure digital future.
This summary was crafted based on the transcript of the podcast episode "Mic Drop: The Demise of Ransomware and the Rise of Crypto" by Recorded Future News. For more in-depth discussions and future episodes, tune into Click Here every Tuesday and Friday.