The LockBit RaaS and its affiliates have negatively impacted organizations, both large and small, across the world. See the MITRE ATT&CK Tactics and Techniques section for tables of LockBit’s activity mapped to MITRE ATT&CK® tactics and techniques. Note: This advisory uses the MITRE ATT&CK for Enterprise framework, version 13.1. Understanding Ransomware Threat Actors: LockBit (PDF, 1.24 MB The authoring organizations encourage the implementation of the recommendations found in this CSA to reduce the likelihood and impact of future ransomware incidents. New Zealand’s Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NCSC NZ).Germany’s Federal Office for Information Security (BSI).National Cybersecurity Agency of France (ANSSI).
United Kingdom’s National Cyber Security Centre (NCSC-UK).Canadian Centre for Cyber Security (CCCS).Australian Cyber Security Centre (ACSC).The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the following international partners, hereafter referred to as “authoring organizations,” are releasing this Cybersecurity Advisory (CSA) detailing observed activity in LockBit ransomware incidents and providing recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation. This variance in observed ransomware TTPs presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023.
0 kommentar(er)
