The FBI and two other US government agencies recently released a security advisory analyzing LockBit 3.0’s infamous ransomware operation as part of an ongoing #StopRansomware campaign.
The FBI jointly released the advisory with the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
It includes tactics, techniques and procedures (TTPs), indicators of compromise (IOCs), details of the ransomware’s capabilities, mitigation advice, and tips on sharing valuable information with the authorities.
“The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,” reads the detailed report. “Since January 2020, LockBit has functioned as an affiliate-based ransomware variant; affiliates deploying the LockBit RaaS use many varying TTPs and attack a wide range of businesses and critical infrastructure organizations, which can make effective computer network defense and mitigation challenging.”
After providing background on the group’s malicious operations, the report delves into technical details, outlining the nature of the ransomware, the way it spreads, and how it achieves persistence.
The document describes LockBit’s third iteration of its ransomware-as-a-service (RaaS) as “more modular and evasive than its previous versions,” and says it shares certain features with Blackcat and Blackmatter ransomware.
LockBit 3.0’s elusive design helps it avoid detection by removing itself from the disk after infection and relaying encrypted host- and bot-related data to its command and control (C2) servers.
Furthermore, its operators seem to have an agenda, as the malware avoids infecting machines that use specific language settings, including Arabic (Syria), Romanian (Moldova), and Tatar (Russia).
To avoid falling prey to vicious ransomware campaigns such as LockBit 3.0, you should take the following precautions:
Specialized software such as Bitdefender Ultimate Security can help you deter ransomware attacks thanks to its comprehensive list of features, including:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024