A new critical security alert requires the mission-critical community’s immediate attention. This one concerns LockBit, which has become the prominent ransomware group based on its high volume of attacks in recent months.
Advisory Overview
An increase in LockBit ransomware tactics, techniques, and procedures is being monitored. LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. The ransomware will automatically scan for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations.
What Is the Threat?
Initial access through Remote Desktop Protocol (RDP) has been observed where the protocol is exposed to the internet. After using RDP to connect to the server, LockBit has been seen dropping its toolset into the compromised user’s Music folder.
This toolset included the following:
This threat could relate to the recent leak of the LockBit 3.0 builder via Twitter on September 21, 2022. With this leak, the group may adopt other tools and tactics.
What Are the Recommendations?
MCP’s cybersecurity team recommends the following steps:
Also, hunting for indicators of compromise is highly recommended. On devices that use RDP, this can be done by querying local users’ Music folders for suspicious binaries.
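One way to run the hunt described above, as an added example that is not part of the original advisory. It assumes user profiles live under `C:\Users` with a non-redirected `Music` folder, and the extension list is an illustrative choice rather than a list of LockBit indicators.

```powershell
# Added example: hunt for executable content in local users' Music folders.
# Assumptions (not from the advisory): profiles live under C:\Users, and the
# extension list below is an illustrative choice of "binary or script" types.
param(
    [string]$ProfileRoot = 'C:\Users',
    [string]$OutCsv      = ''          # optional path for a CSV report
)

$suspectExt = '.exe', '.dll', '.sys', '.scr', '.com', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.msi'

function Test-MzHeader {
    # True when the file starts with the PE/DOS magic "MZ", which catches
    # executables that were renamed to look like media files.
    param([string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 2
            return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Dispose() }
    } catch { return $false }   # unreadable or locked file: treat as not-PE
}

$findings = Get-ChildItem -Path $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'Music' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -File -Recurse -Force -ErrorAction SilentlyContinue } |
    Where-Object { $suspectExt -contains $_.Extension.ToLower() -or (Test-MzHeader $_.FullName) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path        = $_.FullName
            SizeBytes   = $_.Length
            CreatedUtc  = $_.CreationTimeUtc
            ModifiedUtc = $_.LastWriteTimeUtc
            IsPE        = Test-MzHeader $_.FullName
            Signature   = if ($sig) { $sig.Status } else { 'Unknown' }
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
    }

# Newest files first: a recently created binary in a media folder deserves review.
if ($OutCsv) { $findings | Export-Csv -Path $OutCsv -NoTypeInformation }
$findings | Sort-Object CreatedUtc -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so every profile is readable. Any hit is a lead for triage rather than a confirmed compromise.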
If you are looking for guidance, please don't hesitate to reach out. MCP offers a comprehensive cybersecurity solutions suite for critical infrastructure organizations to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.