Crimeware

LockBit: Don’t Call It a Comeback

It appears the notorious ransomware group LockBit is back on the scene after making headlines as the most ubiquitous form of ransomware in 2022. With double extortion tactics and an ability to work around traditional security measures, this Ransomware-as-a-Service (RaaS) model is deceptive, effective and able to distribute malware at a high clip (it has affected more than 2,000 targets and collected in excess of $120 million to date). This time, LockBit has been making headlines as the source of three major cyberattacks in the United States, Canada and Croatia. Perhaps more disconcerting is the fact that these attacks were perpetrated against three separate industries: retail, healthcare and financial services.

  • Canada. The popular Canadian retailer London Drugs was forced to close more than 80 stores across the country after suffering a LockBit attack. When the company refused to pay a $25 million ransom, hackers publicly released employee data.
  • Croatia. The largest hospital in the country was forced to utilize a manual approach after LockBit hackers claimed to have acquired exfiltrated medical records.
  • United States. After breaching financial data through Evolve Bank & Trust, LockBit attackers demanded a ransom that the company was unwilling to pay. This led to the release of customer information accessed during the attack.

This last hacking effort continues a trend in the U.S.: 16% of reported government ransomware incidents were identified as LockBit attacks. However, LockBit traditionally targets the manufacturing industry, making this recent rash of attacks a bit of an outlier. It remains to be determined whether this signals a new trend for the group or an opportunistic attack against another set of organizations with weaker cybersecurity protections.

Defending oneself from a LockBit hack is relatively easy, although any dip in vigilance can lead to a successful attack. The RaaS is primarily disseminated through social engineering techniques, such as phishing; in the Evolve Bank & Trust case, for example, LockBit got through initially due to an employee clicking on a suspicious link. To protect yourself against LockBit attacks, never open an attachment when pressed to do so immediately, be wary of first-time senders and watch for poor grammar. Remember: when in doubt, do not click on any suspicious links.