• Wed. Oct 18th, 2023

LockBit: $91M from US Institution Attacks

Avatar photo


Jul 12, 2023
LockBit: $91M from US Institution Attacks

The RaaS Model and Affiliate Network

Cybersecurity experts worldwide have conducted a joint analysis revealing the activities of LockBit, a ransomware group that has been operating since late 2019. Their findings indicate that LockBit has amassed approximately $91 million in ransom payments from targeting around 1,700 organizations in the United States.

The group’s extensive attack volume can be attributed to their utilization of the Ransomware-as-a-Service (RaaS) model, enabling other threat actors to commission customized attacks for a fee. LockBit developers and their partners split the ransom proceeds, with the partners receiving up to 75% of the payment. The irregular attack patterns suggest the existence of multiple affiliates, potentially dozens of them, contributing to LockBit’s sustained high frequency of attacks.

LockBit: A Global Cybersecurity Threat

The analysis, involving experts from several countries, designates LockBit as the foremost global cybersecurity threat, surpassing other ransomware gangs in terms of claimed victims. Reports from MS-ISAC indicate that LockBit accounted for approximately 16% of all ransomware incidents affecting US government and municipal entities in the past year. Their attacks have impacted local governments, educational institutions, and even emergency services.

The FBI urges organizations to review the analysis and implement the recommended risk mitigation measures to bolster their defense against the LockBit threat. The analysis provides a comprehensive list of open tools and an intricate MITRE ATT&CK map outlining LockBit’s tactics, techniques, and procedures (TTPs).

Evolution and Notable Victims

Initially identified as a RaaS service in September 2019, LockBit has since released subsequent versions with notable enhancements. These include the ability to accept ransom payments in the form of Zcash cryptocurrency, new blackmail techniques, and even establishing a ransomware bug bounty program. Prominent victims of LockBit’s attacks include Continental, the Italian Internal Revenue Service, the British Royal Mail, and the city of Oakland.