LockBit Ransomware Extorts US Organizations For $91 Million
A joint bulletin released by cybersecurity authorities from multiple countries reveals that the notorious LockBit ransomware gang has extorted a staggering $91 million from approximately 1,700 US organizations since 2020.
The bulletin was published by the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and partner authorities from Australia, Canada, France, Germany, New Zealand, and the UK. It details the common vulnerabilities and exposures (CVEs) observed being exploited, as well as the tools and the tactics, techniques, and procedures (TTPs) used by the LockBit gang and its affiliates.
LockBit, a ransomware-as-a-service (RaaS) operation, has gained notoriety for its disruptive and prolific attacks. The cybercriminals have spared no critical infrastructure sector, targeting industries such as financial services, healthcare, manufacturing, transportation, and government and emergency services.
The Cybersecurity Advisory (CSA) that accompanied the bulletin indicated that LockBit attacks accounted for 18% of the total reported ransomware incidents in Australia, 22% in Canada, 23% in New Zealand, and 16% in the United States.
Since its emergence in late 2019, LockBit ransomware has undergone significant upgrades, including LockBit Red (June 2021), LockBit Black (March 2022), and LockBit Green (January 2023). The latest version, LockBit Green, incorporates leaked source code from Conti ransomware.
LockBit ransomware has evolved to target Linux, VMware ESXi, and Apple macOS systems. Noteworthy for its distinctive practices, LockBit incentivizes individuals to get tattoos of its insignia and has introduced the industry's first bug bounty program. The ransomware model involves core developers renting out their software to affiliates who carry out the attacks, with affiliates receiving ransom payments directly before sharing a portion with the main group.
The success of LockBit could be attributed to its continuous innovation and development. The ransomware operation provides a simplified, point-and-click interface for easy deployment, even by threat actors with limited technical expertise. LockBit even goes so far as to directly support affiliates with the deployment of their ransomware.
CISA recently issued Binding Operational Directive 23-02 to mitigate the growing threat, requiring federal agencies to secure network devices exposed to the public internet and reduce the attack surface.
With LockBit's unwavering influence, global companies and governments must maintain vigilance and proactively enhance their cybersecurity defenses. Combating this persistent ransomware threat necessitates collaborative efforts and constant adaptation to safeguard critical systems and mitigate financial risks.