Lockbit3.0 Ransomware Campaign

The LockBit 3 ransomware campaign is a cyber attack that has targeted a variety of organizations around the world. It was first detected in May 2021 and continues to be a major threat to businesses and individuals.

The attack begins with the perpetrators sending a phishing email to a targeted individual or organization. The email contains a link or attachment that, when clicked on, downloads and installs the LockBit 3 ransomware onto the victim's computer.

Once the ransomware has been installed, it encrypts all of the victim's files, making them inaccessible. The perpetrators then demand a ransom from the victim in exchange for the decryption key, which is needed to unlock the encrypted files.

The ransom amounts demanded by the perpetrators of the LockBit 3 campaign have varied, but have typically been in the range of several thousand dollars. In some cases, the perpetrators have demanded that the ransom be paid in bitcoin or other cryptocurrencies, which can make it difficult for authorities to track the transactions.

One of the most concerning aspects of the LockBit 3 campaign is its ability to spread quickly and infect multiple computers within an organization. The ransomware is designed to propagate itself through a network, infecting other computers and devices that are connected to it. This can make it particularly devastating for organizations that have a large number of interconnected systems and devices.

There are several steps that individuals and organizations can take to protect themselves against the LockBit 3 ransomware campaign. One of the most effective is to be cautious when opening emails and to be wary of any email that contains a suspicious link or attachment. It is also important to keep all software and security programs up to date, as this can help prevent the ransomware from installing itself on a victim's computer.

In addition, having a good backup system in place can help to mitigate the impact of a ransomware attack. By regularly backing up important files and data, it is possible to restore them in the event that they are encrypted by the ransomware.

There have been several high-profile cases of organizations being targeted by the LockBit 3 ransomware campaign. In June 2021, the city of Baltimore was hit by the ransomware, which resulted in a number of city services being disrupted. The city ultimately decided not to pay the ransom, and was able to restore its systems using backups.

In August 2021, the Colonial Pipeline company, which operates a major fuel pipeline in the United States, was also hit by the LockBit 3 ransomware. The attack resulted in the company having to temporarily shut down the pipeline, which caused a disruption to the fuel supply in the eastern United States.

The LockBit 3 ransomware campaign is a reminder of the importance of being vigilant when it comes to cyber security. By taking steps to protect against ransomware attacks, individuals and organizations can help to safeguard their important files and data.

Lockbit3.0 Adversary Simulation Plan

Based on the aggregated threat intelligence reports and mapping to the MITRE ATT&CK matrix, FourCore has released a Lockbit3.0 Ransomware Adversary Simulation Assessment.

Simulating Lockbit3.0 with FourCore ATTACK
