Cybersecurity Advisory: LockBit Ransomware

First detected in 2019, LockBit has evolved into the most prolific ransomware-as-a-service in the world.

LockBit is typically spread through phishing emails, malicious attachments or software vulnerabilities. And it is so dangerous that the U.S. Cybersecurity and Infrastructure Security Agency, the FBI, Multi-State Information Sharing and Analysis Center, and cybersecurity authorities from six other countries felt compelled to issue a June 14, 2023 cybersecurity advisory about the ransomware. “Threat actors using LockBit … have attacked organizations of various sizes across a wide array of critical infrastructure sectors,” the agencies warned.

There have been 1,700 LockBit attacks in the United States since 2020, and $91 million in LockBit ransom payments by U.S. organizations in that time, according to the agencies.

The advisory offers numerous recommendations for organizations to defend against LockBit and other ransomware attacks. The following are some of the most crucial steps to take:

  • Require strong access controls: Ensure all accounts have robust passwords, with a minimum of 15 characters that are not commonly used or known to be compromised. Implement time-based access for accounts set at the administrator level and higher, and require multi-factor authentication for webmail, virtual private networks and privileged accounts that access critical systems. Apply the principle of least privilege, restricting user permissions to only their job responsibilities.
  • Regularly back up your data: Ensure you have a comprehensive data backup strategy. Back up and encrypt your important files to an offline or off-site location, preferably using a secure, automated backup solution. This will allow you to recover your data without paying the ransom if you experience an attack.
  • Update your software: Regularly update your operating system, software applications and antivirus programs. Patches and updates often include security fixes to protect against known vulnerabilities that ransomware might exploit. Patch software and hardware systems within 48 hours from when a vulnerability is disclosed.
  • Use robust security software: Deploy reputable antivirus software to detect and block known ransomware threats. Enable real-time scanning and automatic updates to ensure you have the latest protection.
  • Enable strong spam filters: Configure your email client or server to filter out spam and potentially malicious emails. This can help reduce the likelihood of falling victim to phishing campaigns that distribute ransomware.
  • Educate employees or third-party users: Train your employees and other users on safe computing practices, including identifying and avoiding phishing attempts and suspicious websites. Encourage them to report any suspicious emails or activities to the IT department.
  • Implement network segmentation: Divide your network into segments to limit the spread of ransomware. By isolating critical systems and sensitive data, you can prevent lateral movement by attackers within the network and thereby minimize the impact.
  • Develop and test your incident response plan: Ensure you have an up-to-date security incident response and recovery plan that outlines the steps to be taken during a ransomware attack. Regularly test and update the plan to address any vulnerabilities or shortcomings.

Remember that while these measures can reduce the risk of a ransomware attack, there is no foolproof solution. Staying vigilant, employing a defense-in-depth strategy, and regularly updating your defenses are critical components of a comprehensive cybersecurity strategy.

MBL Technologies helps organizations navigate the ever-evolving threat landscape, including ransomware attacks and other malicious activity. We offer a comprehensive suite of cybersecurity services to prevent and identify ransomware attacks. Contact us today to learn more.

Learn more about our diverse set of technology services for the federal and commercial markets.