The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and a host of overseas cybersecurity authorities today published a joint cybersecurity advisory on the threat posed by LockBit ransomware.
The “Understanding Ransomware Threat Actors: LockBit” joint advisory “is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents,” the cyber regulators said.
The advisory ranks LockBit as the “most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023,” and said it has been used to attack “organizations of various sizes across a wide array of critical infrastructure sectors.”
To help defend against the global threat, the advisory features:
- A list of approximately 30 freeware and open-source tools used by LockBit actors;
- More than 40 of their TTPs mapped to MITRE ATT&CK;
- Observed common vulnerabilities and exposures (CVEs) used for exploitation;
- An evolution of LockBit RaaS along with worldwide trends and statistics; and
- Resources and services available from authoring agencies and recommended mitigations to help protect against the worldwide LockBit activity.
“Working with our U.S. and international partners, CISA is focused on reducing the prevalence of ransomware intrusions and their impacts, which include applying lessons learned from prior ransomware incidents that have affected far too many organizations,” commented Eric Goldstein, CISA’s executive assistant director for cybersecurity.
“This joint advisory on LockBit is another example of effective collaboration with our partners to provide timely and actionable resources to help all organizations understand and defend against this ransomware activity,” he said.
“The FBI relentlessly pursues ransomware actors who continue to exploit vulnerable cyber ecosystems,” added Bryan Vorndran, assistant director of the FBI’s Cyber Division. “We are better positioned to combat this type of malicious activity through coordination and collaboration with our federal and international partners, which are key to better mitigating and preventing harm against the American public and our allies.”
Also signing onto the advisory are the Multi-State Information Sharing and Analysis Center, and national cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand.