The LockBit ransomware gang has successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020, CISA reports.

In these incidents, LockBit affiliates targeted municipal governments, county governments, public higher education institutions, K-12 schools, and emergency services such as law enforcement.

“In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023,” the joint advisory warns.

“Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.”

Today’s advisory includes a list of roughly 30 freeware and open-source tools and a detailed MITRE ATT&CK mapping of over 40 Tactics, Techniques, and Procedures (TTPs) employed by LockBit affiliates in attacks.

“The FBI encourages all organizations to review this CSA and implement the recommended mitigation measures to better defend against threat actors using LockBit. If you believe you are the victim of a cybercrime, please contact your local FBI field office,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division, today.
