The infamous LockBit ransomware variant has earned blackmailers nearly $100 million from U.S. victims alone since January 2020, allied security officials revealed in a new advisory yesterday.
The US Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cyber Security Centre (NCSC) and their Australian, New Zealand, Canadian, French and German counterparts produced the document after warning of the continued threat from the group.
In fact, they claimed that LockBit was the most deployed ransomware in 2022 and remains prolific today. According to the document, about 1,700 attacks have been attributed to it in the US alone since 2020.
Since January 2020, affiliates of the ransomware-as-a-service operation have targeted organizations of varying sizes across multiple critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation, the agencies said.
The advisory covers freeware and open source tools commonly used in post-breach activities, exploited CVEs, and the mechanics of secondary ransomware attacks when upstream supply chain victims are targeted. It also provides technical details on how the ransomware and its leak sites have evolved over time.
There’s also a handy list of MITRE ATT&CK tactics and techniques, mitigations, and resources for further reading.
NCSC Operations Director Paul Chichester has warned that LockBit’s activities are having far-reaching repercussions.
“It’s imperative for organizations to understand the severe impact a ransomware attack can have on their operations, finances and reputation,” he added.
“This advisory, issued in conjunction with our international partners, underscores the importance of network defenders taking recommended actions to establish effective protection against such attacks.”
The news comes as the Clop gang’s deadline for victims of the MOVEit data theft extortion campaign passed yesterday.
The group named its first 12 victims yesterday, according to ReliaQuest, but as of this writing, the threat intelligence firm claims no stolen data has been made public on the leak site.