Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the \”.abcd virus\” extension first observed. LockBit operates as a Ransomware-as-a-service (RaaS) model, in which affiliates make a deposit to use the tool, then split the ransom payment with the LockBit group, with some affiliates receiving a share as high of 75%. Initial attack vectors of LockBit include social engineering, such as phishing, spear phishing, and business email compromise (BEC), exploiting public-facing applications, hiring initial access brokers\” (IABs), and using stolen credentials to access valid accounts, such as remote desktop protocol (RDP), as well as brute-force cracking attacks.
LockBit has typically focused attacks on government entities and enterprises in a variety of sectors, such as healthcare, financial services, and industrial goods and services. The ransomware has been observed targeting countries globally, including the US, China, India, Indonesia, Ukraine, France, the UK, and Germany. LockBit is programmed in a way that it cannot be used in attacks against Russia or CIS countries (Commonwealth of Independent States).
Through analysis of leak site data, it was found that LockBit published more successful attacks than any other ransomware group in 2022. LockBit also has a bug bounty program for their ransomware builders and compilers, offering a $1 million reward for anyone who can dox (publicly reveal the identities of) their owners. LockBit has been linked to an attack on Royal Mail in the UK, however they have denied any involvement in the attack.
Overall, the LockBit ransomware group is a formidable and sophisticated cybercrime organization that poses a significant threat to businesses and organizations around the world. To protect against LockBit and other ransomware attacks, businesses should ensure Managed Detection and Response (MDR) is used to understand malicious or anomalous activity, educate and train employees on cyber security threats, and download the webinar recording ‘Global Threat Landscape 2023 Forecast’ to know more.
Key Points:
• LockBit is the most active and successful cybercrime organization in the world, attributed to a Russian Threat Actor.
• LockBit operates as a Ransomware-as-a-service (RaaS) model, in which affiliates make a deposit to use the tool and split the ransom payment with the LockBit group.
• LockBit has been observed targeting countries globally and is programmed in a way that it cannot be used in attacks against Russia or CIS countries.
• LockBit published more successful attacks than any other ransomware group in 2022.
• To protect against LockBit and other ransomware attacks, businesses should ensure Managed Detection and Response (MDR) is used, employees are trained and educated on the latest cyber security threats, and download the webinar recording ‘Global Threat Landscape 2023 Forecast’.
