LockBit Ransomware Scheme Continues to Evolve and Extort Millions from US Organizations

LockBit is a ransomware-as-a-service (RaaS) scheme that has been wreaking havoc in the U.S. since 2020. The threat actors behind this scheme are known for targeting critical infrastructure sectors and extorting large sums of money from their victims. To date, LockBit has claimed responsibility for at least 1,653 ransomware attacks and has extorted $91 million from various U.S. organizations. This article will provide an in-depth overview of the LockBit ransomware scheme, including its evolving threat landscape, attack chains, and vulnerabilities exploited. We will also discuss its unique business model, upgrades and innovations, and the recent CISA Binding Operational Directive 23-02, as well as threats to baseboard management controller implementations.

Overview of LockBit Ransomware Scheme

The LockBit ransomware scheme is a RaaS that rents out the core developers’ software to affiliates who carry out ransomware deployment and extortion. The affiliates are allowed to receive ransom payments and then send a cut to the main crew, making it a deviation from the typical ransomware business model. This business model has enabled LockBit to extort $91 million from various U.S. organizations since 2020. The threat actors behind LockBit have claimed responsibility for at least 1,653 ransomware attacks to date and have targeted various critical infrastructure sectors.

Evolving threat landscape

LockBit’s ability to adapt to new systems and environments has made it an ever-evolving threat. The ransomware strain has been adapted to target Linux, VMware ESXi, and Apple macOS systems. LockBit has been successful through its innovation and continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of tactics, techniques, and procedures (TTPs).

Attack Chains and Vulnerabilities Exploited

LockBit’s attack chains have leveraged recently disclosed flaws in Fortra GoAnywhere Managed File Transfer (MFT) and PaperCut MF/NG servers, as well as other known bugs in Apache Log4j2, F5 BIG-IP and BIG-IQ, and Fortinet devices, to obtain initial access. The threat actors behind LockBit have exploited these vulnerabilities to gain access to their targets’ networks and deploy ransomware.

Unique business model

LockBit’s unique business model, which involves renting out the core developers’ malware to affiliates who carry out ransomware attacks and extortion, has enabled the operation to extort large sums of money from various U.S. organizations. This business model has also made it difficult for law enforcement to identify and prosecute the main perpetrators behind LockBit.

Upgrades and Innovations

The LockBit ransomware strain has undergone three substantial upgrades so far: LockBit Red (June 2021), LockBit Black (March 2022), and LockBit Green (January 2023). These upgrades have enabled LockBit to stay ahead of security measures and continue to evolve its attack capabilities. LockBit’s continual development of the group’s administrative panel, affiliate supporting functions, and constant revision of TTPs have also made it a formidable threat.

CISA Binding Operational Directive 23-02

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-02, instructing federal agencies to secure network devices exposed to the public internet within 14 days of discovery and take steps to minimize the attack surface. This directive aims at mitigating the risks posed by ransomware attacks, such as LockBit, and reducing their impact on critical infrastructure.

Threats to Baseboard Management Controller Implementations

CISA and the US National Security Agency (NSA) have highlighted threats to baseboard management controller (BMC) implementations, leading to vulnerabilities if credentials, firmware updates, and network segmentation options are overlooked. BMC is a critical component in many computing systems, and attackers can exploit vulnerabilities in these systems to gain unauthorized access, escalate privileges, and ultimately deploy ransomware.

The LockBit ransomware scheme is a growing threat to US organizations that operate critical infrastructure systems. LockBit’s ability to adapt to new environments and systems, exploit known vulnerabilities, and use a unique business model has made it a formidable adversary. Organizations must take steps to secure their networks and minimize their attack surface to mitigate the risks posed by ransomware attacks like LockBit. The recent CISA Binding Operational Directive 23-02 and threats to BMC implementations highlight the importance of implementing robust security measures to prevent ransomware attacks.

Explore more

Robotic Process Automation Software – Review

In an era of digital transformation, businesses are constantly striving to enhance operational efficiency. A staggering amount of time is spent on repetitive tasks that can often distract employees from more strategic work. Enter Robotic Process Automation (RPA), a technology that has revolutionized the way companies handle mundane activities. RPA software automates routine processes, freeing human workers to focus on

RPA Revolutionizes Banking With Efficiency and Cost Reductions

In today’s fast-paced financial world, how can banks maintain both precision and velocity without succumbing to human error? A striking statistic reveals manual errors cost the financial sector billions each year. Daily banking operations—from processing transactions to compliance checks—are riddled with risks of inaccuracies. It is within this context that banks are looking toward a solution that promises not just

Europe’s 5G Deployment: Regional Disparities and Policy Impacts

The landscape of 5G deployment in Europe is marked by notable regional disparities, with Northern and Southern parts of the continent surging ahead while Western and Eastern regions struggle to keep pace. Northern countries like Denmark and Sweden, along with Southern nations such as Greece, are at the forefront, boasting some of the highest 5G coverage percentages. In contrast, Western

Leadership Mindset for Sustainable DevOps Cost Optimization

Introducing Dominic Jainy, a notable expert in IT with a comprehensive background in artificial intelligence, machine learning, and blockchain technologies. Jainy is dedicated to optimizing the utilization of these groundbreaking technologies across various industries, focusing particularly on sustainable DevOps cost optimization and leadership in technology management. In this insightful discussion, Jainy delves into the pivotal leadership strategies and mindset shifts

AI in DevOps – Review

In the fast-paced world of technology, the convergence of artificial intelligence (AI) and DevOps marks a pivotal shift in how software development and IT operations are managed. As enterprises increasingly seek efficiency and agility, AI is emerging as a crucial component in DevOps practices, offering automation and predictive capabilities that drastically alter traditional workflows. This review delves into the transformative