LockBit Ransomware Threat Persists | MSSP Alert


MSSPs, MSPs and various cybersecurity providers continue to offer analysis and advice in the aftermath of the stunning LockBit ransomware group takedown this week, while urging caution against other ransomware operations seeking the next opportunity to attack.

The threat may not be over yet. Late this week, Sophos X-Ops reported through its social media handle that, despite the recent law enforcement activity, it had observed several attacks over the preceding 24 hours that appeared to be carried out with LockBit ransomware built using a leaked malware builder tool. Sophos posted this news in an update to its blog post about the ConnectWise ScreenConnect vulnerabilities.

LockBit Law Enforcement Action

On February 20, the U.S. Justice Department announced that the U.K. National Crime Agency’s (NCA) Cyber Division, working in cooperation with the Federal Bureau of Investigation (FBI) and other international law enforcement partners, seized numerous public-facing websites and servers used by LockBit administrators. The effort dealt a major blow to LockBit threat actors’ ability to attack and encrypt networks and extort victims by threatening to publish stolen data.

The LockBit ransomware variant first appeared around January 2020 and had grown into one of the most active and destructive variants in the world, the Justice Department said. Moreover, LockBit members have executed attacks against more than 2,000 victims in the U.S. and around the world, making at least hundreds of millions of U.S. dollars in ransom demands and receiving over $120 million in ransom payments. 

According to Sophos X-Ops’ analysis, LockBit has been among the top 10 most reported ransomware infections over the past four years, since 2020. Sophos’ Incident Response team in 2023 found that LockBit accounted for one in five of all ransomware infections.

Chester Wisniewski, field chief technology officer for Sophos, an MSSP Alert MDR Top 40 company, was cautiously optimistic LockBit had been dealt a death blow.

“Much of LockBit’s infrastructure is still online, but I don’t expect them to make a triumphant return,” Wisniewski said. “These groups continually rebrand and…
