Address
304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

CISA Alert: LockBit Ransomware Extorted $91 Million from US Organizations

Alicia Hope  / Reporter

Source : https://www.cpomagazine.com/cyber-security/cisa-alert-lockbit-ransomware-extorted-91-million-from-us-organizations/

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about LockBit ransomware extorting millions from US organizations after hundreds of attacks.

– Advertisement –

According to the joint advisory, LockBit Ransomware extorted approximately $91 million from US-based organizations after executing about 1,700 attacks since January 5, 2020.

The advisory was released in collaboration with the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity agencies in Australia, Canada, the United Kingdom, Germany, France, and New Zealand.

LockBit ransomware targeted critical infrastructure organizations

For over three years, LockBit ransomware has indiscriminately targeted multiple critical infrastructure organizations for extortion.

“Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation,” CISA wrote.

Past LockBit high-profile victims globally include the UK Royal Mail, the Italian Revenue Service, the Californian City of Oakland, US software firm Entrust, French security firm Thales, and German automotive giant Continental.

According to antivirus provider Malwarebytes, LockBit ransomware targeted at least 76 victims in May 2023 alone.

In 2022, LockBit executed 576 attacks in the United States, with 16% of all reported State, Local, Tribal, and Tribunal (SLTT) government ransomware attacks originating from the group.

Similarly, LockBit was responsible for 18% of all ransomware attacks in Australia from April 2022 to the end of Q1 2023 and 22% of all ransomware attacks in Canada in 2022.

“In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023,” the report indicated.

Additionally, CISA explained that the number of victims might be significantly higher than reported since the group lists only those who refuse to pay the ransom.

CISA and FBI:mplement the recommended mitigations

CISA, FBI, MS-ISAC, and global security partners published a list of freeware, proprietary, and open-source tools and tactics, techniques, and procedures (TTPs) employed by LockBit affiliates to help network defenders mitigate LockBit ransomware attacks.

The agencies noted that LockBit exploited 7-zip, FileZilla, AnyDesk, Impacket, ScreenConnect, TeamViewer, Mimikatz, Ngrok, Impacket, and Process Hacker to gain initial access, exfiltrate data, dump credentials, and perform other post-exploitation activities.

The advisory also listed LockBit’s most exploited vulnerabilities, including Fortra GoAnyhwere MFT RCE CVE-2023-0669, Apache Log4j2 RCE CVE-2021-44228, F5 BIG-IP and BIG-IQ flaw CVE-2021-22986, and NetLogon Privilege Escalation Vulnerability CVE-2020-1472 among others.

“The FBI encourages all organizations to review this CSA and implement the recommended mitigation measures to better defend against threat actors using LockBit,” the agency said.