LockBit Ransomware Scheme Continues to Evolve and Extort Millions from US Organizations

LockBit is a ransomware-as-a-service (RaaS) scheme that has been wreaking havoc in the U.S. since 2020. The threat actors behind this scheme are known for targeting critical infrastructure sectors and extorting large sums of money from their victims. To date, LockBit has claimed responsibility for at least 1,653 ransomware attacks and has extorted $91 million from various U.S. organizations. This article will provide an in-depth overview of the LockBit ransomware scheme, including its evolving threat landscape, attack chains, and vulnerabilities exploited. We will also discuss its unique business model, upgrades and innovations, and the recent CISA Binding Operational Directive 23-02, as well as threats to baseboard management controller implementations.

Overview of LockBit Ransomware Scheme

The LockBit ransomware scheme is a RaaS that rents out the core developers’ software to affiliates who carry out ransomware deployment and extortion. The affiliates are allowed to receive ransom payments and then send a cut to the main crew, making it a deviation from the typical ransomware business model. This business model has enabled LockBit to extort $91 million from various U.S. organizations since 2020. The threat actors behind LockBit have claimed responsibility for at least 1,653 ransomware attacks to date and have targeted various critical infrastructure sectors.

Evolving threat landscape

LockBit’s ability to adapt to new systems and environments has made it an ever-evolving threat. The ransomware strain has been adapted to target Linux, VMware ESXi, and Apple macOS systems. LockBit has been successful through its innovation and continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of tactics, techniques, and procedures (TTPs).

Attack Chains and Vulnerabilities Exploited

LockBit’s attack chains have leveraged recently disclosed flaws in Fortra GoAnywhere Managed File Transfer (MFT) and PaperCut MF/NG servers, as well as other known bugs in Apache Log4j2, F5 BIG-IP and BIG-IQ, and Fortinet devices, to obtain initial access. The threat actors behind LockBit have exploited these vulnerabilities to gain access to their targets’ networks and deploy ransomware.

Unique business model

LockBit’s unique business model, which involves renting out the core developers’ malware to affiliates who carry out ransomware attacks and extortion, has enabled the operation to extort large sums of money from various U.S. organizations. This business model has also made it difficult for law enforcement to identify and prosecute the main perpetrators behind LockBit.

Upgrades and Innovations

The LockBit ransomware strain has undergone three substantial upgrades so far: LockBit Red (June 2021), LockBit Black (March 2022), and LockBit Green (January 2023). These upgrades have enabled LockBit to stay ahead of security measures and continue to evolve its attack capabilities. LockBit’s continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of TTPs have also made it a formidable threat.

CISA Binding Operational Directive 23-02

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-02, instructing federal agencies to secure network devices exposed to the public internet within 14 days of discovery and take steps to minimize the attack surface. This directive aims at mitigating the risks posed by ransomware attacks, such as LockBit, and reducing their impact on critical infrastructure.

Threats to Baseboard Management Controller Implementations

CISA and the US National Security Agency (NSA) have highlighted threats to baseboard management controller (BMC) implementations, leading to vulnerabilities if credentials, firmware updates, and network segmentation options are overlooked. BMC is a critical component in many computing systems, and attackers can exploit vulnerabilities in these systems to gain unauthorized access, escalate privileges, and ultimately deploy ransomware.

The LockBit ransomware scheme is a growing threat to US organizations that operate critical infrastructure systems. LockBit’s ability to adapt to new environments and systems, exploit known vulnerabilities, and use a unique business model has made it a formidable adversary. Organizations must take steps to secure their networks and minimize their attack surface to mitigate the risks posed by ransomware attacks like LockBit. The recent CISA Binding Operational Directive 23-02 and threats to BMC implementations highlight the importance of implementing robust security measures to prevent ransomware attacks.

Explore more

AI Revolutionizes Corporate Finance: Enhancing CFO Strategies

Imagine a finance department where decisions are made with unprecedented speed and accuracy, and predictions of market trends are made almost effortlessly. In today’s rapidly changing business landscape, CFOs are facing immense pressure to keep up. These leaders wonder: Can Artificial Intelligence be the game-changer they’ve been waiting for in corporate finance? The unexpected truth is that AI integration is

AI Revolutionizes Risk Management in Financial Trading

In an era characterized by rapid change and volatility, artificial intelligence (AI) emerges as a pivotal tool for redefining risk management practices in financial markets. Financial institutions increasingly turn to AI for its advanced analytical capabilities, offering more precise and effective risk mitigation. This analysis delves into key trends, evaluates current market patterns, and projects the transformative journey AI is

Is AI Transforming or Enhancing Financial Sector Jobs?

Artificial intelligence stands at the forefront of technological innovation, shaping industries far and wide, and the financial sector is no exception to this transformative wave. As AI integrates into finance, it isn’t merely automating tasks or replacing jobs but is reshaping the very structure and nature of work. From asset allocation to compliance, AI’s influence stretches across the industry’s diverse

RPA’s Resilience: Evolving in Automation’s Complex Ecosystem

Ever heard the assertion that certain technologies are on the brink of extinction, only for them to persist against all odds? In the rapidly shifting tech landscape, Robotic Process Automation (RPA) has continually faced similar scrutiny, predicted to be overtaken by shinier, more advanced systems. Yet, here we are, with RPA not just surviving but thriving, cementing its role within

How Is RPA Transforming Business Automation?

In today’s fast-paced business environment, automation has become a pivotal strategy for companies striving for efficiency and innovation. Robotic Process Automation (RPA) has emerged as a key player in this automation revolution, transforming the way businesses operate. RPA’s capability to mimic human actions while interacting with digital systems has positioned it at the forefront of technological advancement. By enabling companies