Finally, a ransomware breakthrough

Welcome to Runtime! Today: how international law enforcement agencies took down one of the most notorious ransomware operators, how two communities are dealing with a surge in data-center building, and the latest funding rounds in enterprise tech.

(Was this email forwarded to you? Sign up here to get Runtime each week.)

Locked up

An international coalition of law enforcement agencies just scored one of the biggest wins in recent memory against the plague of ransomware attacks that has weighed down the world economy.

Dozens of servers belonging to Lockbit, a secretive group that essentially provides ransomware infrastructure as a service, were seized Monday and two people were arrested in Poland and Ukraine. The U.S. Department of Justice also indicted two Russians on charges of participating in the group's efforts, which netted more than $120 million in ransomware payments over the last few years.

• Sites affiliated with LockBit now bear that distinctive "this site has been seized by law enforcement" message, and if anybody in law enforcement is reading, one day I would love to sit in on the design meetings for those graphics.
• More importantly, officials also released decryption keys that could help some of the 2,000 people and organizations targeted by the group get their data back.
• "Operation Cronos" took several months to complete and involved 11 countries, including the U.S., U.K., Germany, Australia, and Japan.
• The task force also has "frozen more than 200 cryptocurrency accounts linked to the criminal organization, underscoring the commitment to disrupt the economic incentives driving ransomware attacks," Europol said.

Lockbit has wreaked havoc across the planet since 2019.

• Taking a nod from the rise of cloud computing, Lockbit members developed their own malware and recruited others to spread it, maintaining the infrastructure needed to launch the attacks.
• That malware would encrypt a victim's data after a successful attack, and Lockbit would either demand payment to get it back or threaten to release damaging portions of that data unless it was paid.
• Lockbit isn't the only criminal enterprise following this playbook, but according to Europol "in 2022 it became the most deployed ransomware variant across the world."
• The U.K.'s National Crime Agency attributed 25% of all ransomware attacks in the last year to the group.

Law enforcement officials took an understandable victory lap in press conferences Tuesday.

• The NCA said authorities collected "an awful lot of information" on Lockbit's operations, tactics, and plans, and will be releasing small amounts of that information over the rest of the week.
• The agency also has evidence that LockBit retained victim data even after they paid the ransom, which should give fresh ammunition to legal and security experts who have been urging companies for years to never pay the ransom.
• That evidence could also reveal whether or not companies that are subject to the Biden administration's cybersecurity incident reporting laws paid ransom without disclosing that payment within 24 hours.

But some cybersecurity experts warned that Lockbit could still be operational and ready to go on the offensive after taking quite a punch from global law enforcement.

• "In time ... they will resurface, likely under a different name, with current members likely joining or establishing other successful gangs," Yossi Rachman of Semperis told Dark Reading.
• Still, "even if we don't always get a complete victory … imposing disruption, fueling their fear of getting caught and increasing the friction of operating their criminal syndicate is still a win," Chester Wisniewski of Sophos told MSSP Alert.

Feeling green

One thing Ireland and Oregon have in common — other than depressingly constant rain — is a thriving collection of data centers, thanks to tax breaks and geographic luck. But people in both places are starting to wonder whether allowing data centers to spring up all over their land was such a good idea.

The Guardian published a feature last week on the enormous societal effects spreading out from Ireland's data-center boom, which could demand 70% of the country's electricity if it continues as planned. And the Oregonian reported Saturday that the power authority in Eastern Oregon's Umatilla and Morrow counties, home to AWS's sprawling US West (Oregon) cloud region, is "now the third-largest emitter of greenhouse gasses among all Oregon utilities" despite serving just 16,000 residents.

As companies like Blackstone plunge ahead with data-center construction plans fueled by the AI boom, it seems more likely that after years of welcoming the construction jobs communities are about to become much more skeptical when data centers are proposed in their region. AWS might be able to transition to clean energy to reduce its emissions in Eastern Oregon, but it really feels like more and more people are getting tired of looking at those things.

Enterprise funding

Lambda raised $320 million in Series C funding that values the GPU cloud provider at $1.5 billion.

Magic AI raised $117 million in Series B funding for its AI coding assistant, which it wants us to call a "coworker" rather than a "Copilot."

Rasa landed $30 million in Series C funding to expand its development platform for enterprises working on building generative AI agents.

Clarity scored $16 million in seed funding to help companies detect deepfake images and videos.

Guardrails AI raised $7.5 million in seed funding to further develop its open-source products, which help companies set rules and policies for internal AI development.

The Runtime roundup

Microsoft said it will invest $2.1 billion over the next two years toward cloud infrastructure in Spain, where it first announced plans to build a cloud region in 2020.

MariaDB was offered a private-equity deal that would value the database company at $37 million, well below its peak private-market valuation of $672 million before a disastrous SPAC IPO in late 2022.

Wyze blamed AWS for an hours-long outage that took down security-camera feeds for its customers.

Rust is too complicated, according to a new survey of developers who want the people tasked with building out one of the fastest-growing programming languages to focus on maintenance before adding new features.

Thanks for reading — see you Thursday!