LockBit Back Online as Ransomware Gang Continues to Clash with Law Enforcement

The U.K. National Crime Agency’s Cyber Division, the FBI and international partners cut off ransomware threat actors’ access to LockBit’s website, which has been used as a large ransomware-as-a-service storefront, on Feb. 20.

On Feb. 26, LockBit resumed operations at a different Dark Web address, according to Reuters. The ransomware gang stated that its administrators knew how the takedown had occurred (a vulnerability in the PHP programming language) and would run the operation from backup servers that do not have PHP installed. Meanwhile, Reuters reported that Britain’s National Crime Agency said the ransomware gang is “completely compromised.” The two groups continue to conflict, with particular emphasis placed on an effort to identify LockBitSupp, the individual or group leading the gang.

What is the LockBit ransomware group?

According to CISA, LockBit was the most common type of ransomware deployed globally in 2023. LockBit ransomware could be deployed through compromised website links, phishing, credential theft or other methods. LockBit targeted more than 2,000 victims since its first appearance in January 2020, for more than $120 million total in ransomware payments.

The gang ran ransomware-as-a-service websites like a legitimate business, offering a data leak blog, a bug bounty program to find vulnerabilities in the ransomware, and regular updates. Attackers known as “affiliates” would be provided ransomware from the LockBit sites.

LockBit ransomware has been deployed against organizations across various industries, in particular manufacturing, semiconductor fabrication and healthcare. In addition, attackers using LockBit have turned the ransomware on municipal targets, including the U.K.’s Royal Mail.

LockBit website shut down

On Feb. 20, the U.S. Department of Justice announced that an international law enforcement action shut down many websites the LockBit gang used to launch ransomware attacks. Law enforcement groups from the U.S., U.K., France, Germany, Switzerland, Japan, Australia, Sweden, Canada, the Netherlands, Finland and the European Union contributed to the seizure of the LockBit sites.

Five individual alleged LockBit members have been charged for “their participation in the LockBit conspiracy,” according to the press release.

“Through years of innovative investigative work, the FBI and our partners have significantly degraded the capabilities of those hackers responsible for launching crippling ransomware attacks against critical infrastructure and other public and private organizations around the world,” wrote FBI Director Christopher A. Wray in the press release.

“For enterprise IT decision-makers, the incident serves as a vivid reminder of the necessity for robust cybersecurity measures, the value of collaboration with law enforcement and cybersecurity communities, and the need for an agile, informed response strategy,” said Lisa Plaggemier, executive director at the National Cybersecurity Alliance, in an email to TechRepublic.

Is there a decryptor for LockBit?

The U.K. National Crime Agency and international partners created decryption capabilities that can unlock data held for ransom by LockBit. Organizations targeted by LockBit can submit a form to the FBI to see if the decryption technology might work for them.

“We are turning the tables on LockBit — providing decryption keys, unlocking victim data, and pursuing LockBit’s criminal affiliates around the globe,” said Deputy Attorney General Lisa Monaco in the Department of Justice press release.

Threat actors’ responses to LockBit’s takedown

In the aftermath of the LockBit takedown, a team from cyber threat intelligence company Searchlight Cyber monitored Dark Web communication and found that some threat actors were unsure whether the LockBit site would be down forever.

“Even notorious actors (on the Dark Web forum XSS) known for their history of selling initial access to corporate networks – potentially even affiliates of the ransomware gang – were unsure if they should be concerned or not, not knowing to what extent the infrastructure of LockBit has been compromised,” said Vlad Mironescu, threat intelligence analyst at Searchlight Cyber, in an email provided to TechRepublic.

“We have also observed some threat actors actively blaming LockBit for bad operational security, among speculation that law enforcement agencies have leveraged vulnerabilities found in LockBit’s infrastructure to take the group down,” said Mironescu.

How to mitigate ransomware attacks

Follow cybersecurity best practices to reduce the risk of ransomware in your organization, including:

  • Not clicking on suspicious links or suspicious emails.
  • Keeping software and hardware updated.
  • Backing up your data, including storing critical data offline.
  • Applying the security principle of least privilege, giving users access only to what company data they need.
  • Using strong spam filters and firewalls.

Plaggemier pointed out that a good, multi-layered security strategy also includes employee education, robust endpoint protection, strict access controls and privilege management, threat intelligence services, application whitelisting, regular security audits, penetration testing and participating in collaborative information-sharing initiatives.

“This holistic approach ensures preparedness and resilience against ransomware attacks, protecting critical assets and data,” Plaggemier said.
