AdvisoriesCISAAA23-165AJune 14, 2023
June 14, 2023
LockBit RaaS and its affiliates have had a negative impact on organizations worldwide. In 2022, LockBit was the most active ransomware group and RaaS provider, based on the number of victims claimed on their data leak site. LockBit operates as a RaaS cybercrime group, offering access to their ransomware variant to individuals or groups (referred to as "affiliates") in exchange for payment. LockBit distinguishes itself by allowing affiliates to receive ransom payments before taking their cut, unlike other RaaS groups. They also engage in publicity stunts and online disparagement of rival groups. LockBit's success can be attributed to continuous innovation in their administrative panel and supporting functions, while their affiliates regularly update their tactics for deploying and executing ransomware.
June 14, 2023
This advisory, put out by a conglomerate of government agencies, exposes one critical theme: advanced malware is constantly changing and therefore difficult to prevent. Today’s malware is designed using modern software development practices, meaning they encapsulate services and apply a “brick in, brick out” mentality. This makes the malware easy to adjust and work around signatures, which are sequences of behaviors a defensive product marks as malicious. However, an attacker can simply adjust a behavior to break the signature. This cat-and-mouse game makes defense hard, so gaining visibility on the efficacy of common attacks should be your first priority.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
