LockBit Ransomware Scheme Continues to Evolve and Extort Millions from US Organizations

LockBit is a ransomware-as-a-service (RaaS) scheme that has been wreaking havoc in the U.S. since 2020. The threat actors behind this scheme are known for targeting critical infrastructure sectors and extorting large sums of money from their victims. To date, LockBit has claimed responsibility for at least 1,653 ransomware attacks and has extorted $91 million from various U.S. organizations. This article will provide an in-depth overview of the LockBit ransomware scheme, including its evolving threat landscape, attack chains, and vulnerabilities exploited. We will also discuss its unique business model, upgrades and innovations, and the recent CISA Binding Operational Directive 23-02, as well as threats to baseboard management controller implementations.

Overview of LockBit Ransomware Scheme

The LockBit ransomware scheme is a RaaS that rents out the core developers’ software to affiliates who carry out ransomware deployment and extortion. The affiliates are allowed to receive ransom payments and then send a cut to the main crew, making it a deviation from the typical ransomware business model. This business model has enabled LockBit to extort $91 million from various U.S. organizations since 2020. The threat actors behind LockBit have claimed responsibility for at least 1,653 ransomware attacks to date and have targeted various critical infrastructure sectors.

Evolving threat landscape

LockBit’s ability to adapt to new systems and environments has made it an ever-evolving threat. The ransomware strain has been adapted to target Linux, VMware ESXi, and Apple macOS systems. LockBit has been successful through its innovation and continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of tactics, techniques, and procedures (TTPs).

Attack Chains and Vulnerabilities Exploited

LockBit’s attack chains have leveraged recently disclosed flaws in Fortra GoAnywhere Managed File Transfer (MFT) and PaperCut MF/NG servers, as well as other known bugs in Apache Log4j2, F5 BIG-IP and BIG-IQ, and Fortinet devices, to obtain initial access. The threat actors behind LockBit have exploited these vulnerabilities to gain access to their targets’ networks and deploy ransomware.

Unique business model

LockBit’s unique business model, which involves renting out the core developers’ malware to affiliates who carry out ransomware attacks and extortion, has enabled the operation to extort large sums of money from various U.S. organizations. This business model has also made it difficult for law enforcement to identify and prosecute the main perpetrators behind LockBit.

Upgrades and Innovations

The LockBit ransomware strain has undergone three substantial upgrades so far: LockBit Red (June 2021), LockBit Black (March 2022), and LockBit Green (January 2023). These upgrades have enabled LockBit to stay ahead of security measures and continue to evolve its attack capabilities. LockBit’s continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of TTPs have also made it a formidable threat.

CISA Binding Operational Directive 23-02

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-02, instructing federal agencies to secure network devices exposed to the public internet within 14 days of discovery and take steps to minimize the attack surface. This directive aims at mitigating the risks posed by ransomware attacks, such as LockBit, and reducing their impact on critical infrastructure.

Threats to Baseboard Management Controller Implementations

CISA and the US National Security Agency (NSA) have highlighted threats to baseboard management controller (BMC) implementations, leading to vulnerabilities if credentials, firmware updates, and network segmentation options are overlooked. BMC is a critical component in many computing systems, and attackers can exploit vulnerabilities in these systems to gain unauthorized access, escalate privileges, and ultimately deploy ransomware.

The LockBit ransomware scheme is a growing threat to US organizations that operate critical infrastructure systems. LockBit’s ability to adapt to new environments and systems, exploit known vulnerabilities, and use a unique business model has made it a formidable adversary. Organizations must take steps to secure their networks and minimize their attack surface to mitigate the risks posed by ransomware attacks like LockBit. The recent CISA Binding Operational Directive 23-02 and threats to BMC implementations highlight the importance of implementing robust security measures to prevent ransomware attacks.

Explore more

Why is LinkedIn the Go-To for B2B Advertising Success?

In an era where digital advertising is fiercely competitive, LinkedIn emerges as a leading platform for B2B marketing success due to its expansive user base and unparalleled targeting capabilities. With over a billion users, LinkedIn provides marketers with a unique avenue to reach decision-makers and generate high-quality leads. The platform allows for strategic communication with key industry figures, a crucial

Endpoint Threat Protection Market Set for Strong Growth by 2034

As cyber threats proliferate at an unprecedented pace, the Endpoint Threat Protection market emerges as a pivotal component in the global cybersecurity fortress. By the close of 2034, experts forecast a monumental rise in the market’s valuation to approximately US$ 38 billion, up from an estimated US$ 17.42 billion. This analysis illuminates the underlying forces propelling this growth, evaluates economic

How Will ICP’s Solana Integration Transform DeFi and Web3?

The collaboration between the Internet Computer Protocol (ICP) and Solana is poised to redefine the landscape of decentralized finance (DeFi) and Web3. Announced by the DFINITY Foundation, this integration marks a pivotal step in advancing cross-chain interoperability. It follows the footsteps of previous successful integrations with Bitcoin and Ethereum, setting new standards in transactional speed, security, and user experience. Through

Embedded Finance Ecosystem – A Review

In the dynamic landscape of fintech, a remarkable shift is underway. Embedded finance is taking the stage as a transformative force, marking a significant departure from traditional financial paradigms. This evolution allows financial services such as payments, credit, and insurance to seamlessly integrate into non-financial platforms, unlocking new avenues for service delivery and consumer interaction. This review delves into the

Certificial Launches Innovative Vendor Management Program

In an era where real-time data is paramount, Certificial has unveiled its groundbreaking Vendor Management Partner Program. This initiative seeks to transform the cumbersome and often error-prone process of insurance data sharing and verification. As a leader in the Certificate of Insurance (COI) arena, Certificial’s Smart COI Network™ has become a pivotal tool for industries relying on timely insurance verification.