What is LockBit Ransomware – and How to Protect Against It
In a recent post, we reported that a ransomware gang known as “LockBit” had publicly apologized for an attack that was carried out on Canada’s Hospital for Sick Children (SickKids). In the attack, criminals used LockBit’s Ransomware-as-a-Service kit to impact the internal systems, phone lines and website of the teaching and research pediatric hospital.
LockBit has been appearing in the news more and more, and though they apologized for the attack against SickKids (which they say violated their rules…who knew they had “rules”?), they’re still a pretty dangerous ransomware faction. Here’s what you need to know about the LockBit ransomware gang and how you can protect yourself from one of their attacks.
LockBit is a Ransomware-as-a-Service (RaaS) operation that allows other criminals to become an “affiliate” and carry out harmful ransomware attacks using their LockBit RaaS kit. A percentage of the earnings from each attack is then shared back with LockBit, while the rest remains with the affiliate.
LockBit is responsible for an estimated 40% of all ransomware infections worldwide. The most recent version, LockBit 3.0 (or LockBit Black), replaces your desktop background with a message saying that your files have been “stolen and encrypted”. Then, you must find a .txt file on your machine and follow the instructions to get your files back. You are then directed to the dark web to negotiate your ransom payment.
Small- to medium-sized businesses are usually the intended target of a LockBit ransomware attack; however, larger organizations such as Foxconn, Accenture and Continental have been victimized as well. No matter the size, LockBit is cashing in big time on their RaaS kits. One man carrying out LockBit attacks was charged in November 2022 in connection with the ransomware gang and claimed that they made at least $100 million from 1,000 victims. That was just one person.
Because LockBit aligns itself with other cybercriminals to launch its attacks, not only will the amount of money stolen likely increase, but the volume of attacks will too. This increases the odds that your organization could fall victim to a harmful ransomware attack.
So how can you stay protected from an attack, whether it be from LockBit or any other harmful ransomware operation? Here are some tips:
Create secure offsite backups
Make sure security solutions are up-to-date
Configure computers properly and make sure they are protected with the latest security patches
Use complex passwords that are hard to guess
Enable multi-factor authentication
Encrypt sensitive data wherever possible
Educate staff on the latest risks and ways cybercriminals launch attacks and steal data
Story via Tripwire