Sunday, August 20, 2023

Who, How and What? LockBit - Ransomware

LockBit is a type of ransomware that emerged in the second half of 2019. In January 2020, the BitWise Spider ransomware group, believed to be behind LockBit's development, adopted the name LockBit and began operations as a ransomware-as-a-service (RaaS).

Background: ransomware is a form of malicious software that encrypts a victim's files, rendering them inaccessible, and demands a ransom payment from the victim in exchange for the decryption key. LockBit is part of the broader ransomware landscape and has gained notoriety for its sophisticated techniques and tactics.

LockBit has been involved in several high-profile attacks targeting various organizations. The ransomware operators often employ tactics such as double extortion to encourage victims to pay: first to regain access to their encrypted files, and then again to prevent their stolen data from being posted publicly. The threat to leak the stolen data if the ransom isn't paid adds an extra layer of pressure on the victims.

LockBit, like many other ransomware strains, is typically distributed through phishing emails, malicious attachments, or exploit kits. Once it infects a system, it quickly spreads laterally across the network to maximize the impact. The operators behind LockBit demand a ransom payment in cryptocurrency, usually Bitcoin, in exchange for providing the decryption key to the victim.

LockBit encrypts files with the “.lockbit” extension, restricting access to data.
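
The extension noted above can be turned into a simple detection. The following is an added example, not part of the original post: it flags hosts that rename several files to ".lockbit" within a short window. The event format, host names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry: time|host|old path|new path
SAMPLE_EVENTS = """\
2023-08-20T10:00:01|ws01|C:\\Users\\a\\report.docx|C:\\Users\\a\\report.docx.lockbit
2023-08-20T10:00:02|ws01|C:\\Users\\a\\q3 budget.xlsx|C:\\Users\\a\\q3 budget.xlsx.LOCKBIT
2023-08-20T10:00:02|ws02|C:\\tmp\\notes.txt|C:\\tmp\\notes.bak
2023-08-20T10:00:03|ws01|C:\\Users\\a\\plan.pptx|C:\\Users\\a\\plan.pptx.lockbit
2023-08-20T10:00:04|ws01|C:\\Users\\a\\db.sql|C:\\Users\\a\\db.sql.lockbit
2023-08-20T10:05:00|ws03|C:\\lab\\sample.lockbit|C:\\lab\\sample2.lockbit
2023-08-20T11:00:00|ws02|C:\\tmp\\x.txt|C:\\tmp\\x.txt.lockbit
this line is malformed
"""

def detect_mass_rename(lines, ext=".lockbit", threshold=3,
                       window=timedelta(seconds=10)):
    """Return {host: time of first alert} for hosts that rename at least
    `threshold` files to `ext` within `window`. Events must be in time order."""
    recent = defaultdict(deque)  # host -> timestamps of matching renames
    alerts = {}
    for line in lines:
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue  # skip malformed records
        ts_raw, host, old, new = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # skip records with an unparseable timestamp
        # Count only files that newly gain the extension (case-insensitive);
        # a file that already carried it is not a fresh encryption event.
        if not new.lower().endswith(ext) or old.lower().endswith(ext):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop renames that fell out of the sliding window
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_mass_rename(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of renames to .lockbit at {when.isoformat()}")
```

A single rename (ws02) or a file that already had the extension (ws03) does not alert; only the burst on ws01 does.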

LockBit is supposedly developed by the Russia-linked ransomware group BitWise Spider. LockBit was one of the most prolific ransomware groups of 2022. The group also developed StealBit, an information stealer.

The table below summarizes the tools developed and used by the BitWise Spider group.

| Malware name | First used | Threat type |
| --- | --- | --- |
| LockBit | September 2019 | Ransomware |
| LockBit 2.0 (rebranded to LockBit RED in June 2022) | June 2021 | Ransomware |
| StealBit | June 2021 | Information Stealer |
| LockBit Linux/ESXi | October 2021 | Ransomware |
| LockBit 3.0 (aka LockBit BLACK) | June 2022 | Ransomware |
| LockBit GREEN | February 2023 | Ransomware |
| LockBit MacOS (ARM) | April 2023 (identified) | Ransomware |

Modern EDR/XDR solutions do prevent ransomware-related threats, but constant upkeep is needed to stay ahead of the curve.
