LockBit cybercriminals earned $91 million for 1,700 attacks on US institutions

Lord777

The ransomware gang continues to hold the upper hand, remaining an extremely serious threat in cyberspace.

Cybersecurity experts from the United States and other countries published a joint analysis of the activities of the LockBit group, which has been spreading its encrypting ransomware since the end of 2019. According to the analysis, LockBit was able to collect about $91 million in ransom payments from approximately 1,700 organizations in the United States.

This huge number of attacks over several years of activity is also due to the fact that LockBit hackers work on the RaaS (ransomware-as-a-service) model, offering extortion as a service and giving other groups of attackers the opportunity to order an individual attack for a certain fee. The ransom revenue is divided between LockBit developers and their partners, who receive up to 75% of the ransom amount.

In addition, judging by the periodic inconsistency of the hackers' actions, it is clear that LockBit has several branches, maybe even dozens of them. That is how they manage to maintain such a high number of attacks.

The authors of the analysis, which included representatives from the United States, Australia, Canada, Great Britain, Germany, France and New Zealand, claim that LockBit is now the main global threat in the field of cybersecurity. On its leak site, the group claims to have more victims than any other extortion gang.

According to reports received from MS-ISAC over the past year, about 16% of all ransomware incidents involving US government and municipal organizations were related to LockBit, which attacked local governments, educational institutions at various levels, and even emergency services.

"In 2022, LockBit was the most widespread ransomware variant worldwide and continues to be so in 2023," the analysts said.

"Since January 2020, LockBit partners have attacked organizations of various sizes in many critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation," the researchers added.

The analysis also provides a list of approximately 30 open tools and a detailed MITRE ATT&CK mapping of more than 40 tactics, techniques, and procedures (TTPs) used by LockBit and its partners in their attacks.

"The FBI encourages all organizations to review this analysis and implement recommended risk mitigation measures to better protect against the LockBit threat," said Brian Vorndran, deputy director of the FBI's cyber division.

LockBit first appeared on researchers' radars in September 2019 as a RaaS service. In June 2021, the second version of the LockBit ransomware was released, followed in 2022 by the third, which brought a number of significant changes, such as the ability to pay the ransom in the Zcash cryptocurrency, new blackmail methods and the first reward program for finding errors in ransomware software.

Since then, LockBit has repeatedly claimed major victims of its attacks, including the car giant Continental, the Italian tax service, the British Royal Mail and the city of Auckland.