Ransomware has been a prevalent issue for over three decades, but it is only in recent years that it has attracted significant attention in the media. Among the various types of ransomware, LockBit stands out as a notorious player in the field. With its introduction of “ransomware as a service,” LockBit has become a highly profitable venture for cybercriminal gangs. This article examines how LockBit operates, who its victims are, and the essential steps individuals and organizations can take to protect themselves from this growing threat.
LockBit, as both a term for the malicious software and the group behind it, first came to the forefront in 2019. It differs from other malware by encrypting valuable data instead of merely stealing it. Once the data is copied and encrypted, the legitimate users lose access to it, and a ransom is demanded for its release. To add to the pressure, LockBit utilizes a double extortion tactic by threatening to publish the stolen data if the ransom is not paid. This is further emphasized through a countdown timer on LockBit’s dark web blog, creating a sense of urgency for the victims.
The LockBit group remains shrouded in mystery, with limited information about their origins and motives. Based on their website, the group claims to be apolitical and focused solely on monetary gains. Notably, they have an unlimited number of affiliates, welcoming individuals from all countries and backgrounds. While LockBit imposes rules on their affiliates, such as avoiding critical infrastructure and institutions like hospitals, there is always a risk of rogue users targeting restricted organizations. Furthermore, the group excludes post-Soviet countries, citing the Soviet Union connection of some members, despite being based in the Netherlands.
LockBit has successfully targeted numerous high-profile victims, including the United Kingdom’s Royal Mail and Ministry of Defence, Japanese cycling component manufacturer Shimano, and aerospace company Boeing. The group is also suspected to be behind the ransomware incident experienced by the Industrial and Commercial Bank of China. A deeper analysis reveals that LockBit operates with a scatter-gun approach, targeting a wide range of victims rather than executing planned and targeted attacks. This suggests that LockBit operates on a service model, in which various criminals use its software for their own ransomware campaigns.
Ransomware as a service (RaaS) has gained popularity in recent years, mirroring the software-as-a-service model. RaaS enables inexperienced criminals to launch ransomware campaigns swiftly and efficiently. These malicious service providers handle malware management, data extraction, victim negotiation, and payment processing, effectively outsourcing criminal activities. LockBit and similar groups even provide guidelines on becoming an affiliate and the benefits one can expect. LockBit generates substantial revenue from a 20% commission on each ransom paid, as well as a hefty deposit of 1 Bitcoin (approximately A$58,000) required from new users.
While ransomware poses a significant global threat, implementing robust cybersecurity practices can mitigate its impact. Regularly updating and patching systems, practicing good password and account management, actively monitoring networks, and promptly addressing any suspicious activities are all crucial defenses against ransomware attacks. Each organization must also decide whether paying a ransom aligns with their ethical stance. However, by strengthening cybersecurity measures and making it harder for criminal groups to infiltrate, organizations can discourage cybercriminals and force them to seek easier targets.
LockBit ransomware represents a growing menace in the cybersecurity landscape. Its transformation into a lucrative business through the ransomware-as-a-service model has enabled its widespread adoption by various cybercriminal gangs. Understanding the operations and motives of LockBit is essential for individuals and organizations to protect themselves effectively. By implementing robust cybersecurity measures and staying vigilant, we can collectively combat this rising threat and safeguard our digital landscape.