Findings on LockBit 3.0 Ransomware

According to SOCRadar data, about half of the attacks with the LockBit 3.0 variant affect US companies.

Top targeted industries by LockBit 3.0

LockBit 3.0, a Ransomware-as-a-Service (RaaS), has several options for configuring its behavior at compile time. Once the executable is launched on a victim's system, affiliates can further modify its behavior with command-line arguments, for example to enable lateral movement or to run in safe mode. Affiliates who lack access to the passwordless build of the ransomware must supply a password at execution; the supplied password decrypts the LockBit 3.0 executable, which protects the encrypted file dropped on the target system from analysis until it runs.

LockBit 3.0 affiliates use diverse methods for initial access, including exploiting exposed RDP, phishing campaigns, and exploiting vulnerabilities in public-facing applications. Installing and executing malicious payloads with the open-source package manager Chocolatey is a recurring feature of LockBit 3.0 attacks, likely employed to evade detection. To spread through a victim network, LockBit 3.0 uses hardcoded credentials or compromised local accounts with elevated privileges; it can also spread over the Server Message Block (SMB) protocol, via Group Policy Objects and with PsExec. After encryption, LockBit 3.0 drops a ransom note and changes the host's wallpaper and icons to LockBit branding. It may also send encrypted host and bot information to a command-and-control server.

An overview of a typical LockBit operation. (Source: Australian Cyber Security Center)

The Most Active Ransomware Group of 2022: LockBit

The LockBit group is responsible for approximately one in six ransomware attacks targeting U.S. government offices in 2022, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other cybersecurity authorities.
The frequency of ransomware attacks rises every year. A single group, the LockBit Ransomware Group, is accountable for over one-third of all ransomware attacks in the second half of 2022 and the first quarter of 2023. LockBit was first observed in September 2019; it became the most active ransomware group of 2022 after the shutdown of Conti, and as of the first quarter of 2023 it still stands out as the most active group. It has over 1,500 victim announcement records on the SOCRadar platform and broke the record in the first quarter of 2023 as by far the most active ransomware group, with over 300 announced victims.

Atento, a CRM company, put the impact of a LockBit attack at $42.1 million in its financial performance report published in 2021: $34.8 million was lost revenue and $7.3 million was mitigation expenses. Even though such numbers vary from company to company, the total financial loss caused by LockBit's activity can run into billions of dollars. LockBit discloses its victims on its leak site and sets a deadline for the ransom.

LockBit 3.0 infects the target system only if the system's language is not on its exclusion list. Excluded languages include the local languages of Russian-influenced countries and the languages of Russian-allied countries. To confirm the location of the targeted system, LockBit ransomware queries the host's language settings through several system functions, cross-checks the result against a set of countries, and, if the locale does not match any of the specified countries, proceeds to the next verification step. Although the group claims not to engage in politics, many of its targets appear to be in NATO and allied countries. Some of the excluded languages are Romanian (Moldova), Arabic (Syria), and Tatar (Russia), but this is not an exhaustive list.
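The locale check described above, modelled in Python as an added analyst example; it is not LockBit's code and not from the original article, and it calls no Windows API. It assumes the malware obtains Windows LANGID values from the host's language settings and feeds them to a gate like this one; the exclusion set contains only the three locales the page names plus Russian, which is an assumption, since the page says its list is not exhaustive. `locale_gate`, `is_excluded` and the sample hosts are constructed for illustration.

```python
# Added analyst example: a model of the locale-exclusion gate described on this
# page. It is not LockBit code and does not call any Windows API; the LANGIDs
# the malware would read from the host's language settings are passed in as
# plain integers so the logic can be exercised offline.

from typing import Iterable


# A Windows LANGID is 16 bits: the low 10 bits are the primary language and
# the high 6 bits are the sublanguage, which usually encodes the country.
def primary_lang(langid: int) -> int:
    return langid & 0x3FF


def sub_lang(langid: int) -> int:
    return (langid >> 10) & 0x3F


def make_langid(primary: int, sub: int) -> int:
    return (sub << 10) | primary


# Primary/sublanguage constants for the languages named on the page, taken
# from Microsoft's LANGID tables.
LANG_ARABIC, SUBLANG_ARABIC_SYRIA = 0x01, 0x0A        # ar-SY = 0x2801
LANG_ROMANIAN, SUBLANG_ROMANIAN_MOLDOVA = 0x18, 0x02  # ro-MD = 0x0818
LANG_TATAR = 0x44                                     # tt-RU = 0x0444
LANG_RUSSIAN = 0x19                                   # ru-RU = 0x0419 (assumption: not named on the page)

# Exclusion rules: (primary, sublanguage), or (primary, None) for "any country".
# The page says the real list is longer; this set is only what it names plus
# Russian, which is an assumption.
EXCLUDED = {
    (LANG_ARABIC, SUBLANG_ARABIC_SYRIA),
    (LANG_ROMANIAN, SUBLANG_ROMANIAN_MOLDOVA),
    (LANG_TATAR, None),
    (LANG_RUSSIAN, None),
}


def is_excluded(langid: int) -> bool:
    """True if the LANGID matches an exclusion rule on language and country."""
    p, s = primary_lang(langid), sub_lang(langid)
    return (p, s) in EXCLUDED or (p, None) in EXCLUDED


def locale_gate(host_langids: Iterable[int]) -> str:
    """Decide the next step from every language value the host reports.

    The page says several functions are consulted; if any of them returns an
    excluded locale the run aborts, otherwise execution moves on to the next
    verification step.
    """
    if any(is_excluded(langid) for langid in host_langids):
        return "abort"
    return "next-check"


if __name__ == "__main__":
    # Constructed sample hosts: (description, [installed UI language, user default language]).
    hosts = [
        ("en-US workstation", [0x0409, 0x0409]),
        ("ro-RO workstation", [0x0418, 0x0418]),        # Romanian, Romania: in scope
        ("ro-MD workstation", [0x0818, 0x0818]),        # Romanian, Moldova: excluded
        ("en-US install, ar-SY user", [0x0409, 0x2801]),
    ]
    for name, ids in hosts:
        print(f"{name:28s} -> {locale_gate(ids)}")
```

The rules key on the sublanguage as well as the primary language, which is what makes this a country check rather than a language check: Romanian (Romania, 0x0418) passes the gate while Romanian (Moldova, 0x0818) aborts it, and Arabic (Saudi Arabia, 0x0401) passes while Arabic (Syria, 0x2801) aborts. Because the gate looks at locale settings rather than geography, an en-US host inside an excluded country is still in scope.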
August 31, 2023: See the subheading "LockBit's Operational Struggles, Empty Threats, and Sudden Surge."

July 03, 2023: LockBit claimed to have hacked Taiwan Semiconductor Manufacturing Company (TSMC), but TSMC clarified that only one of its suppliers, Kinmax Technology, was breached. Added the subheading "TSMC Confirms Supplier Hack Following Lockbit's Claim."

June 23, 2023: LockBit is reportedly developing ransomware capable of targeting a broader range of systems. Added the subheading "LockBit Tries to Expand Reach to Different Architectures: Apple, Linux, FreeBSD."

June 15, 2023: LockBit was identified as the most active global ransomware group and RaaS provider based on the number of victims on its data leak site. Added under the subheading "The Most Active Ransomware Group of 2022: LockBit."