Source: Bleeping Computer
Summary
According to a recent cybersecurity advisory issued by the Cybersecurity & Infrastructure Security Agency (CISA), LockBit was the most deployed ransomware variant worldwide and continues to be prolific in 2023.
According to the FBI, since 2020 LockBit ransomware was used in 1700 attacks within the US alone, generating approximately $91 million in illicit revenue for LockBit associates. LockBit uses a Ransomware-as-a-Service (RaaS) model where associates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Each LockBit associate is free to use its own attack tactics, techniques, and procedures (TTPs). This variance in TTPs presents a notable challenge for organizations working to maintain network security and protect against constantly evolving ransomware threats.
Analysis
LockBit will remain a popular choice for cybercriminals for its ease of use, effectiveness, and payment model. LockBit handles the most difficult part of developing and keeping the ransomware and its infrastructure up to date, making it accessible to threat actors with a lower degree of technical skill.
Mitigation
Field Effect recommends reviewing and implementing the mitigations provided by CISA to help organizations improve their cybersecurity posture and to better defend against LockBit ransomware.
Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for novel TTPs and IoCs associated with ransomware variants such as LockBit. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate threat activity.
References
