On June 15, 2023, cybersecurity authorities from New Zealand, alongside partners from several nations including the U.S., Australia, Canada, the U.K., Germany, and France, unveiled a significant joint cyber advisory. Titled "Understanding Ransomware Threat Actors: LockBit," this resource serves to educate organizations about the widespread threat posed by LockBit ransomware.
"Understanding Ransomware Threat Actors: LockBit,"
This advisory is particularly notable as it compiles valuable information that can assist organizations in defending against one of the most prolific Ransomware-as-a-Service (RaaS) threats encountered in recent years.
"Working with our U.S. and international partners, CISA is focused on reducing the prevalence of ransomware intrusions and their impacts," said Eric Goldstein, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). This initiative aims to draw on lessons learned from past ransomware incidents that have adversely affected numerous organizations.
The advisory outlines a wealth of information, including approximately 30 tools often utilized by LockBit affiliates and over 40 tactics, techniques, and procedures (TTPs) correlated with the MITRE ATT&CK framework. The report further highlights common vulnerabilities and exposures (CVEs) that are exploited by these actors.
"Ransomware is one of the most devastating things that can happen to an organization, and we need to ensure that our countries are resilient to these attacks," said Rob Pope, Director of CERT NZ. His remarks underscore the vital need for organizations in New Zealand to be proactive in understanding and protecting themselves from these threats.
"Ransomware is one of the most devastating things that can happen to an organization, and we need to ensure that our countries are resilient to these attacks,"
By the Numbers
The advisory also traces the evolution of LockBit RaaS and examines international trends and statistics that illustrate its rising prevalence. This comprehensive resource aims to equip organizations with the knowledge they need to reduce the potential impact from these cyber incidents.
Additionally, it includes an array of resources available from the contributing agencies and outlines recommended mitigations that organizations should consider implementing. These measures are essential for safeguarding against the ongoing threat posed by LockBit and its affiliates.
Bryan Vorndran, Assistant Director of the FBI's Cyber Division, emphasized the importance of collaboration in combatting ransomware threats. "The FBI relentlessly pursues ransomware actors who continue to exploit vulnerable cyber ecosystems," he said. Vorndran further added, "We are better positioned to combat this type of malicious activity through coordination and collaboration with our federal and international partners," highlighting the collective effort necessary to mitigate harm against not just domestic entities but also allies worldwide.
"The FBI relentlessly pursues ransomware actors who continue to exploit vulnerable cyber ecosystems,"
Looking Ahead
As ransomware threats continue to evolve, the emphasis on collective action and shared resources represents a significant step toward strengthening overall cybersecurity. The hope is to create a future where ransomware actors find it increasingly challenging to deploy their tactics effectively, thereby enhancing the resilience of organizations across the globe.
To summarize, the joint advisory launched by New Zealand and its international partners is a significant contribution to global cybersecurity. It reflects a collaborative commitment to tackling the persistent and damaging threat of ransomware, ensuring organizations can better safeguard their systems and maintain operational integrity amidst today's challenging cyber landscape.