Thursday, October 10, 2024

LockBit Ransomware Gang Earned $91 Million Ever Since It Discovered

LockBit was one of the most widely used ransomware families in 2022, targeting both small and large organizations regardless of their size or net worth.

The threat actor group deploying LockBit operated on a Ransomware-as-a-Service (RaaS) model, with affiliates working anonymously worldwide.

The group is also said to have recruited affiliates to deploy the ransomware across industries such as government, agriculture, and education, and it staged publicity-generating stunts to attract more people to its program.


According to recent reports from CISA (Cybersecurity and Infrastructure Security Agency), the group has earned a reported $91 million in ransom payments in the United States alone, making it one of the highest-earning malware groups in history.

Attack Timeline

LockBit was first identified in 2019 as part of ABCD ransomware activity. In 2020, the first ransomware carrying the LockBit name was found, advertised in Russian-language forums. The ransomware was upgraded to version 2 in June 2021 and to version 3 in March 2022.

According to the reports, 18% of the ransomware incidents reported between 1 April 2022 and 31 March 2023 involved LockBit, and 22% of ransomware reports in Canada in 2022 were attributed to the same ransomware.

In addition, the FBI reported that there have been 1700 successful attacks in the US using the LockBit ransomware.

Exploitation of CVE(s)

The affiliates recruited by the LockBit ransomware group exploited both older and newer vulnerabilities. Some of the most common vulnerabilities exploited by the affiliates were:

  • CVE-2023-0669 – Fortra GoAnywhere Managed File Transfer (MFT) Remote Code Execution Vulnerability
  • CVE-2023-27350 – PaperCut MF/NG Improper Access Control Vulnerability
  • CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
  • CVE-2021-22986 – F5 BIG-IP and BIG-IQ Centralised Management iControl REST Remote Code Execution Vulnerability
  • CVE-2020-1472 – NetLogon Privilege Escalation Vulnerability
  • CVE-2019-0708 – Microsoft Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2018-13379 – Fortinet FortiOS Secure Sockets Layer (SSL) Virtual Private Network (VPN) Path Traversal Vulnerability
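A practical defender's follow-up to a list like this is to check whether any of the named CVEs already appear in your own vulnerability-scanner output. The script below is an added example, not code from the article or from CISA: it takes the seven CVE IDs listed above as a watchlist, parses a constructed CSV export of scanner findings (the hostnames, findings and the non-watchlist ID CVE-2099-99999 are all made up for the example), and reports which hosts carry a finding on the watchlist so they can be prioritised for patching.

```python
"""Cross-reference scanner findings against the CVEs named in the article."""
import csv
import io
import re
from collections import defaultdict

# Watchlist: the CVE IDs the article lists as exploited by LockBit affiliates.
LOCKBIT_AFFILIATE_CVES = {
    "CVE-2023-0669": "Fortra GoAnywhere MFT remote code execution",
    "CVE-2023-27350": "PaperCut MF/NG improper access control",
    "CVE-2021-44228": "Apache Log4j2 remote code execution",
    "CVE-2021-22986": "F5 BIG-IP/BIG-IQ iControl REST remote code execution",
    "CVE-2020-1472": "Netlogon privilege escalation",
    "CVE-2019-0708": "Microsoft Remote Desktop Services remote code execution",
    "CVE-2018-13379": "Fortinet FortiOS SSL VPN path traversal",
}

# CVE IDs as scanners emit them: any case, 4-digit year, 4+ digit sequence.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample scanner export (hypothetical hosts and findings).
# CVE-2099-99999 is a made-up ID used only to show non-watchlist entries are ignored.
SAMPLE_SCAN_CSV = """host,finding,cves
vpn-01.example.test,FortiOS SSL VPN path traversal,cve-2018-13379
dc-01.example.test,Netlogon elevation of privilege,CVE-2020-1472
app-02.example.test,Outdated Log4j library,CVE-2021-44228;CVE-2099-99999
print-01.example.test,PaperCut server authentication bypass,CVE-2023-27350
web-03.example.test,Weak TLS cipher suites,
"""


def extract_cves(field):
    """Pull every CVE ID out of a free-form field, normalised to upper case."""
    return {m.upper() for m in CVE_RE.findall(field or "")}


def match_findings(csv_text, watchlist=LOCKBIT_AFFILIATE_CVES):
    """Return {host: [(cve, description), ...]} for findings on the watchlist."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        for cve in sorted(extract_cves(row.get("cves", ""))):
            if cve in watchlist:
                hits[row["host"]].append((cve, watchlist[cve]))
    return dict(hits)


def summarize(hits):
    """Render one line per (host, CVE) pair, sorted by host for stable output."""
    return [f"{host}: {cve} ({desc})"
            for host in sorted(hits)
            for cve, desc in hits[host]]


if __name__ == "__main__":
    for line in summarize(match_findings(SAMPLE_SCAN_CSV)):
        print(line)
```

Replace `SAMPLE_SCAN_CSV` with the contents of a real export that has `host` and `cves` columns; the matcher is tolerant of lower-case IDs and of several IDs packed into one cell, which is how many scanners write them.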

Mitigations

  • Keep all the OS, hardware, firmware and software up to date
  • Control and restrict all the network connections
  • Apply local execution policies for applications
  • Disable unused ports
  • Investigate abnormal and unexpected activity
  • Use Web Filtering
  • Maintain offline backups of data and encrypt them
  • Create a recovery plan


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
