CyberWire Daily - CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
Episode Date: March 18, 2023

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023.

AA23-075A Alert, Technical Details, and Mitigations

Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.

Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.

No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.

U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Original release date, March 16, 2023. CISA, FBI, and the Multi-State Information Sharing and Analysis Center
are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs
identified through FBI investigations as recently as March 2023.
The LockBit 3.0 ransomware operations function as a ransomware-as-a-service model
and are a continuation of previous versions of the ransomware, LockBit 2.0, and the original LockBit.
Since January 2020, LockBit has functioned as an affiliate-based ransomware variant.
Affiliates deploying the LockBit ransomware use many varying TTPs and attack a wide range
of businesses and critical infrastructure organizations, which makes effective defense and mitigation challenging. LockBit 3.0, also known as LockBit
Black, is more modular and evasive than its previous versions and shares similarities with
BlackMatter and BlackCat ransomware. LockBit 3.0 is configured upon compilation with many
different options that determine the behavior of ransomware. Upon actual execution of the ransomware within a victim environment,
various arguments can be supplied to further modify the behavior of the ransomware.
The alert documentation linked in the show notes
includes a full MITRE ATT&CK mapping of LockBit 3.0 actions and activities.
FBI and CISA encourage organizations to implement the recommendations
in the mitigation section of this alert
to reduce the likelihood and impact of similar ransomware incidents.
The alert documentation linked in the show notes includes additional details,
IOCs, malicious actor TTPs, recovery guidance, mitigations, and response recommendations.
To report incidents and anomalous activity or to request incident response resources
or technical assistance, contact CISA at report@cisa.gov, call 888-282-0870, or report incidents to your local FBI field office.
This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency,
and edited and adapted for audio by the CyberWire as a public service. Please visit www.cisa.gov
to read the full report, which may include additional details, links, and illustrations.
A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.