Home SECURITY LockBit cybercriminals made $91 million in 1,700 attacks on US institutions

LockBit cybercriminals made $91 million in 1,700 attacks on US institutions

LockBit cybercriminals made $91 million in 1,700 attacks on US institutions


LockBit cybercriminals made $91 million in 1,700 attacks on US institutions

The extortionist gang continues to hold the lead, remaining an extremely serious threat in cyberspace.

Cybersecurity experts from the US and other countries have published joint analysis , dedicated to the activities of the LockBit group, which since the end of 2019 has been distributing a ransomware encryption virus. According to the analysis, LockBit was able to raise about $91 million in ransom money from approximately 1,700 organizations in the US.

Such a huge number of attacks over several years of activity is due, among other things, to the fact that LockBit hackers work according to the model RaaS, providing ransomware as a service, and provide other groups of attackers with the opportunity to order an individual attack for a fee. At the same time, the income from the ransom is divided between LockBit developers and their partners, who receive up to 75% of the cash ransom amount.

In addition, judging by the periodic inconsistency of actions hackers, you can clearly understand that LockBit has several branches, maybe even dozens of them. Therefore, they manage to keep such a high bar in terms of the number of attacks.

The authors of the analysis, which included representatives from the United States, Australia, Canada, Great Britain, Germany, France and New Zealand, argue that LockBit is now the main global threat in the field of cybersecurity. On their leak site, this group claims to have more victims than any other extortionist gang.

According to reports received from MS-ISAC over the past year, about 16% of all ransomware incidents affecting government and municipal organizations in the United States were related to LockBit, which attacked local governments, educational institutions at various levels, and even emergency services.

“In 2022, LockBit was the most common variant of ransomware worldwide and continues to be so in 2023,” the analysts said.

“Since January 2020, LockBit partners have attacked organizations of various sizes in many sectors of critical infrastructure, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing and transportation,” the researchers added.

The analysis also provides a list of approximately 30 open tools and a detailed MITER ATT&CK map with over 40 tactics, techniques and procedures (TTP) used by LockBit and their partners in their attacks.

“The FBI encourages all organizations to review this analysis and implement the recommended mitigation measures to better protect against the LockBit threat,” said Brian Warndran, deputy director of the FBI’s Cyber ​​Division.

LockBit first appeared on researchers’ radars in September 2019 as a RaaS service. In June 2021, the second version of the LockBit ransomware was released, and the third in 2022, with a number of significant improvements, such as the ability to pay a ransom with cryptocurrency Zcashnew methods of blackmail and the first reward program for finding bugs in ransomware.

Since then, LockBit has repeatedly claimed major victims of its attacks, including the automotive giant Continental, the Italian tax office, the British Royal Mail and the city of Auckland.


Source link



Please enter your comment!
Please enter your name here