CyberWire Daily - CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
Episode Date: June 15, 2023CISA, FBI, the MS-ISAC, and international partners are releasing this Cybersecurity Advisory to detail LockBit ransomware incidents and provide recommended mitigations to enable network defenders to p...roactively improve their organization’s defenses against this ransomware operation. AA23-165A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. See the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0 for information on strengthening an organization’s cybersecurity posture through implementing a prescriptive, prioritized, and simplified set of best. See the CIS Community Defense Model 2.0 (CDM 2.0) for the effectiveness of the CIS Controls against the most prevalent types of attacks and how CDM 2.0 can be used to design, prioritize, implement, and improve an organization’s cybersecurity program. See Blueprint for Ransomware Defense for a clear, actionable framework for ransomware mitigation, response, and recovery built around the CIS Controls. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. Original release date, June 14, 2023.
CISA, FBI, the Multistate Information Sharing and Analysis Center, and international partners are releasing this cybersecurity advisory to detail LockBit ransomware incidents and provide recommended mitigations to enable network defenders to proactively improve their organization's defenses against this ransomware operation.
In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of
varying sizes across an array of critical infrastructure sectors, including financial
services, food and agriculture, education,
energy, government and emergency services, healthcare, manufacturing, and transportation.
LockBit Ransomware functions as a ransomware-as-a-service model where affiliates are
recruited to conduct ransomware attacks using LockBit Ransomware tools and infrastructure.
Due to the large number of unconnected affiliates in the operation,
lock-bit ransomware attacks vary significantly
in observed tactics, techniques, and procedures.
This variance prevents a notable challenge for organizations
working to maintain network security and protect against this ransomware threat.
The authors encourage organizations to implement the recommendations
in the mitigation section of this alert
to reduce the likelihood and impact of similar incidents. The alert documentation linked in the show notes
includes additional technical details, IOCs, mitigations, a comprehensive list of resources,
and response and reporting recommendations. To report incidents and anomalous activity or to
request incident response resources or technical assistance, contact CISA at report at cisa.gov, call 888-282-0870, or report incidents to your local
FBI field office. This report was written by CISA, the United States Cybersecurity and
Infrastructure Security Agency, and edited and adapted for audio by N2K Networks as a public
service. Please visit www.cisa.gov to read the full report,
which may include additional details, links, and illustrations.
A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.