"US Government Warns Organizations of LockBit 3.0 Ransomware Attacks"

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently issued an alert on the LockBit 3.0 ransomware operation. Since January 2020, LockBit has operated under the ransomware-as-a-service (RaaS) model, targeting a broad range of businesses and critical infrastructure entities and using a variety of tactics, techniques, and procedures (TTPs). LockBit 3.0, also referred to as LockBit Black, has a more modular architecture than its previous variants and supports various arguments that modify its behavior after deployment. The alert noted that, to hinder analysis and detection, LockBit 3.0 installers are encrypted and can only be executed if a password is supplied. The FBI, CISA, and MS-ISAC explain in the joint advisory that the malware also supports specific arguments for lateral movement, can reboot systems in Safe Mode, and performs a language check at runtime to avoid infecting systems that use specific language settings, such as Arabic (Syria), Romanian (Moldova), Tatar (Russia), and others. The advisory noted that initial access is obtained via remote desktop protocol (RDP) compromise, drive-by attacks, phishing, compromised credentials, and the exploitation of vulnerabilities in public-facing applications.

 

SecurityWeek reports: "US Government Warns Organizations of LockBit 3.0 Ransomware Attacks"

Submitted by Anonymous on