LockBit Ransomware Scheme Continues to Evolve and Extort Millions from US Organizations

LockBit is a ransomware-as-a-service (RaaS) scheme that has been wreaking havoc in the U.S. since 2020. The threat actors behind this scheme are known for targeting critical infrastructure sectors and extorting large sums of money from their victims. To date, LockBit has claimed responsibility for at least 1,653 ransomware attacks and has extorted $91 million from various U.S. organizations. This article will provide an in-depth overview of the LockBit ransomware scheme, including its evolving threat landscape, attack chains, and vulnerabilities exploited. We will also discuss its unique business model, upgrades and innovations, and the recent CISA Binding Operational Directive 23-02, as well as threats to baseboard management controller implementations.

Overview of LockBit Ransomware Scheme

The LockBit ransomware scheme is a RaaS that rents out the core developers’ software to affiliates who carry out ransomware deployment and extortion. The affiliates are allowed to receive ransom payments and then send a cut to the main crew, making it a deviation from the typical ransomware business model. This business model has enabled LockBit to extort $91 million from various U.S. organizations since 2020. The threat actors behind LockBit have claimed responsibility for at least 1,653 ransomware attacks to date and have targeted various critical infrastructure sectors.

Evolving threat landscape

LockBit’s ability to adapt to new systems and environments has made it an ever-evolving threat. The ransomware strain has been adapted to target Linux, VMware ESXi, and Apple macOS systems. LockBit has been successful through its innovation and continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of tactics, techniques, and procedures (TTPs).

Attack Chains and Vulnerabilities Exploited

LockBit’s attack chains have leveraged recently disclosed flaws in Fortra GoAnywhere Managed File Transfer (MFT) and PaperCut MF/NG servers, as well as other known bugs in Apache Log4j2, F5 BIG-IP and BIG-IQ, and Fortinet devices, to obtain initial access. The threat actors behind LockBit have exploited these vulnerabilities to gain access to their targets’ networks and deploy ransomware.

Unique business model

LockBit’s unique business model, which involves renting out the core developers’ malware to affiliates who carry out ransomware attacks and extortion, has enabled the operation to extort large sums of money from various U.S. organizations. This business model has also made it difficult for law enforcement to identify and prosecute the main perpetrators behind LockBit.

Upgrades and Innovations

The LockBit ransomware strain has undergone three substantial upgrades so far: LockBit Red (June 2021), LockBit Black (March 2022), and LockBit Green (January 2023). These upgrades have enabled LockBit to stay ahead of security measures and continue to evolve its attack capabilities. LockBit’s continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of TTPs have also made it a formidable threat.

CISA Binding Operational Directive 23-02

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-02, instructing federal agencies to secure network devices exposed to the public internet within 14 days of discovery and take steps to minimize the attack surface. This directive aims at mitigating the risks posed by ransomware attacks, such as LockBit, and reducing their impact on critical infrastructure.

Threats to Baseboard Management Controller Implementations

CISA and the US National Security Agency (NSA) have highlighted threats to baseboard management controller (BMC) implementations, leading to vulnerabilities if credentials, firmware updates, and network segmentation options are overlooked. BMC is a critical component in many computing systems, and attackers can exploit vulnerabilities in these systems to gain unauthorized access, escalate privileges, and ultimately deploy ransomware.

The LockBit ransomware scheme is a growing threat to US organizations that operate critical infrastructure systems. LockBit’s ability to adapt to new environments and systems, exploit known vulnerabilities, and use a unique business model has made it a formidable adversary. Organizations must take steps to secure their networks and minimize their attack surface to mitigate the risks posed by ransomware attacks like LockBit. The recent CISA Binding Operational Directive 23-02 and threats to BMC implementations highlight the importance of implementing robust security measures to prevent ransomware attacks.

Explore more

U.S. Labor Market Stagnates Amid Layoffs and AI Impact

As the U.S. economy navigates a complex web of challenges, a troubling trend has emerged in the labor market, with stagnation casting a shadow over job growth and stability, while recent data reveals a significant drop in hiring plans despite a decline in monthly layoffs. This paints a picture of an economy grappling with uncertainty. Employers are caught between rising

Onsite Meetings Drive Success with Business Central

In an era where digital communication tools dominate the business landscape, the enduring value of face-to-face interaction often gets overlooked, yet it remains a powerful catalyst for effective technology implementation. Imagine a scenario where a company struggles to integrate a complex system like Microsoft Dynamics 365 Business Central, grappling with inefficiencies that virtual meetings fail to uncover. Onsite visits, where

Balancing AI and Human Touch in Modern Staffing Practices

Imagine a hiring process where algorithms sift through thousands of resumes in seconds, matching candidates to roles with uncanny precision, yet when it comes time to seal the deal, a candidate hesitates—not because of the job, but because they’ve never felt a genuine connection with the recruiter. This scenario underscores a critical tension in today’s staffing landscape: technology can streamline

How Is AI Transforming Search and What Must Leaders Do?

Unveiling the AI Search Revolution: Why It Matters Now Imagine a world where a single search query no longer starts with typing keywords into a familiar search bar, but instead begins with a voice command, an image scan, or a conversation with an AI assistant that anticipates needs before they are fully articulated. This is not a distant vision but

Why Is Explainable AI Crucial for Regulated Industries?

Unveiling the Transparency Challenge in AI-Driven Markets In 2025, imagine a healthcare provider relying on an AI system to diagnose a critical condition, only to face a regulatory inquiry because the decision-making process remains a mystery, highlighting a pressing challenge in regulated industries like healthcare, finance, and criminal justice. The lack of transparency in AI systems poses significant risks to