Right now, the LockBit ransomware group is probably the most active and profitable cybercrime group in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, which was disbanded in early 2022.
LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the “.abcd virus” extension first observed. LockBit operates on a Ransomware-as-a-Service (RaaS) model. In short, this means that affiliates make a deposit to use the tool, then split the ransom payment with the LockBit group. It has been reported that some affiliates receive a share as high as 75%. LockBit’s operators have posted advertisements for their affiliate program on Russian-language criminal forums, stating that they will not operate in Russia or any CIS countries, nor will they work with English-speaking developers unless a Russian-speaking “guarantor” vouches for them.
Initial attack vectors of LockBit include social engineering, such as phishing, spear phishing, and business email compromise (BEC); exploiting public-facing applications; hiring “initial access brokers” (IABs); and using stolen credentials to access valid accounts, such as remote desktop protocol (RDP), as well as brute-force cracking attacks.
During last year’s Global Threat Forecast webinar, hosted by SecurityHQ, we identified LockBit as a significant threat and highlighted them as a Threat Actor to pay close attention to during 2022.
LockBit Targets
LockBit has typically focused attacks on government entities and enterprises in a variety of sectors, such as healthcare, financial services, and industrial goods and services. The ransomware has been observed targeting countries globally, including the US, China, India, Indonesia, Ukraine, France, the UK, and Germany.
Another interesting feature of LockBit is that it is programmed in such a way that it cannot be used in attacks against Russia or CIS countries (Commonwealth of Independent States). This is likely a precautionary measure taken by the group to avoid any potential backlash from the Russian government.
The map below shows the locations targeted by LockBit.
Figure 1 – SecurityHQ Analysis of LockBit Victims Per Geography
A Busy Year for LockBit
Through analysis of leak site data, we were able to get a true picture of how many successful attacks LockBit had made. In 2022, the group published more successful attacks than any other ransomware group. We have mapped the activity of LockBit throughout the year against other well-known ransomware groups. You can see the decline of Conti as the group started to shut down operations. It is now reported, however, that members of the once prolific Conti ransomware group are now operating within the BlackBasta, BlackByte and Karakurt ransomware groups.
The graph below demonstrates how active LockBit was during 2022, compared to other ransomware groups.
One of the unique features of LockBit is their bug bounty program for their ransomware builders and compilers. The group offers a $1 million reward for anyone who can dox (publicly reveal the identities of) their owners. This is a significant sum, and it shows how serious LockBit is about maintaining their anonymity.
Recently, the group has been linked to an attack on Royal Mail in the UK. However, LockBit has denied any involvement in the attack, stating that it was carried out by an affiliate. This is not uncommon for ransomware groups, as they often use affiliates to carry out attacks in order to distance themselves from the consequences.
Overall, the LockBit ransomware group is a formidable and sophisticated cybercrime group that poses a significant threat to businesses and organizations around the world. With a well-established ransomware-as-a-service model, a bug bounty program, and a willingness to reward those who reveal their identities, LockBit is a force to be reckoned with in the threat landscape.
What’s RaaS?
Ransomware-as-a-service (RaaS) has gained popularity in recent years. RaaS refers to a type of business model where ransomware operators provide the malware and tools to other individuals or organised crime groups to carry out ransomware attacks, in exchange for a share of the ransom payment. This allows even less technically skilled individuals to participate in ransomware attacks, increasing the number of attacks and making it more difficult to track and apprehend the attackers.
What to Do Next
To enhance your security posture, it is recommended that businesses take the following steps:
- Ensure Managed Detection and Response (MDR) is used to understand malicious or anomalous activity, analyse, prioritise, and respond to threats in rapid time, and safeguard your data, people and processes.
- Ensure that employees are educated and trained on the latest cyber security threats, so that they know how to spot an attack, and respond to it in the right way.
To listen to SecurityHQ experts discuss some of the greatest threats seen throughout 2022, discuss the implications of a breach, with predictions for 2023, and mitigate against upcoming cyber security threats, download this webinar recording, ‘Global Threat Landscape 2023 Forecast’, to know more.
Note: This article is by Aaron Hambleton, Director for Middle East & Africa at SecurityHQ. With over 11 years of experience across various sectors like Financial Services, Retail, Insurance, Government, and Telecommunications, Aaron is a certified GCDA and has expertise in incident response, threat hunting, vulnerability management, cyber security operations, threat intelligence, and consultancy.