LockBit Ransomware

LockBit was the ransomware variant most often used in 2022, and it continues to be active this year, including a recent $70 million attack on a semiconductor manufacturer. LockBit ransomware has targeted critical infrastructure, healthcare, financial services, education, government, and emergency services since 2020. The ransomware is distributed as a Ransomware-as-a-Service (RaaS), which means the targets are mostly random and unrelated, making them more difficult for security agencies to track.

The ransomware is sophisticated, enterprise-level software designed to automatically look for valuable information on a new network. It is also self-spreading and encrypts any accessible workstations on the network. The combination of self-spreading software and RaaS options has positioned LockBit as a dangerous and prolific threat actor in 2023.

The ransomware group uses many of the successful tactics we have reviewed on this blog before, specifically maintaining a simple point-and-click interface to make the service accessible to a wider audience with a lower level of technical ability. The person who uses the RaaS is called an affiliate. LockBit pays their affiliates first before taking their cut of the ransom, which makes them unique in the RaaS world. The group also uses publicity stunts like paying people to get LockBit tattoos and disparaging other RaaS groups in online forums to generate awareness of their service.

Recently, the Taiwan Semiconductor Manufacturing Company (TSMC) was hit by a $70 million ransom demand by LockBit. TSMC is one of Apple’s biggest semiconductor suppliers. LockBit has threatened to release the company’s stolen data, along with network vulnerabilities and login information, if the ransom is not paid by August 6th. TSMC reported the ransomware came through a third-party network and cloud computing supplier and found its way onto the manufacturer’s network. A spokesperson for the company responded, “After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures.”


Posted by Charles Wright