The group also engages in publicity-generating exercises, disparages other RaaS operations, and has even taken steps to discourage individuals from disclosing the identity of the lead member of the group (LockBitSupp) to law enforcement by offering a $1 million bounty on information that could lead to LockBitSupp’s identification.ĭue to the large number of affiliates working within the LockBit operation, the tactics, techniques, and procedures (TTPs) used in attacks are diverse so network defenders face significant challenges defending against attacks. The security advisory details the TTPs that CISA, the FBI, and their international cybersecurity partners have observed in LockBit ransomware attacks over the past 3 years, along with a lengthy list of mitigations to help network defenders take proactive steps to improve their defenses against LockBit attacks. The group has developed an easy-to-use interface for its affiliates which lowers the bar for new affiliates, who require less technical skill to start conducting ransomware attacks than with other ransomware variants. Affiliates are recruited to conduct attacks and receive a share of the ransoms they generate, as is the case with other RaaS operations however, LockBit pays its affiliates faster and provides them with their cut of ransom payments before payment is received by core members of the group. There are several reasons why LockBit has become the most prolific RaaS operation. The group has attacked organizations of all sizes, including critical infrastructure entities such as financial services, food & agriculture, education, and healthcare, and 2023 attacks have continued in high numbers. LockBit was behind 16% of ransomware attacks on state, local, tribal, and tribunal (SLTT) governments in 2022 and was the most commonly deployed ransomware variant last year. The LockBit ransomware-as-a-service operation is the most prolific RaaS group, having listed more victims on its data leak site than any other ransomware operation. “As we look to the future, we must all work together to evolve to a model where ransomware actors are unable to use common tactics and techniques to compromise victims and work to ensure ransomware intrusions are detected and remediated before harm can occur.” “This joint advisory on LockBit is another example of effective collaboration with our partners to provide timely and actionable resources to help all organizations understand and defend against this ransomware activity,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and its international cybersecurity agency partners have issued a cybersecurity advisory about the LockBit ransomware operation, which has extorted $91 million from organizations in the United States since 2020 across 1,700 attacks. Comprehensive LockBit Ransomware Cybersecurity Advisory Issued by CISA & Partners
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |