Heimdal
article featured image

Contents:

In a joint LockBit ransomware advisory, U.S. and international cybersecurity officials reported that the group has successfully extorted over $91 million after committing almost 1,700 operations against American businesses since 2020.

Details from the U.S. And International Cybersecurity Officials Joint Advisory

The U.S. authorities and their foreign allies in Australia, Canada, the United Kingdom, Germany, France, and New Zealand said that this Ransomware-as-a-Service (RaaS) operation was the top worldwide ransomware threat in 2022, having the biggest number of victims claimed on their data leak site.

Based on reports received by the MS-ISAC throughout last year, 16% of the ransomware incidents affecting State, Local, Tribal, and Tribunal (SLTT) governments were attacks conducted by LockBit.

According to BleepingComputer, LockBit affiliates attacked local governments, county governments, public higher education institutions, K–12 schools, and emergency services including law enforcement on several occasions.

Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Joint Advisory (Source)

In the advisory, over 40 Tactics, Techniques, and Procedures (TTPs) used by LockBit affiliates in attacks are outlined in a MITRE ATT&CK mapping along with a list of about 30 freeware and open-source tools. The advisory also provides recommended mitigation measures to help defenders thwart LockBit activity targeting their organization.

The FBI encourages all organizations to review this CSA and implement the recommended mitigation measures to better defend against threat actors using LockBit. If you believe you are the victim of a cybercrime, please contact your local FBI field office,

Bryan Vorndran, Assistant Director of the FBI’s Cyber Division (Source)

LockBit emerged in September 2019 as a RaaS (ransomware-as-a-service) operation and by today it evolved into its third itineration, LockBit 3.0. During this time, LockBit claimed several high-profile victims worldwide including automotive giant Continental, the city of Oakland, and the UK Royal Mail service.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE