LockBit 3.0 ransomware: What you need to know
Ransomware is malicious software (malware) designed to block access to a computer system or its data until a ransom has been paid. It is targeted against individuals, corporations, and governments. Once a ransomware attack occurs, victims usually find their files encrypted with a payout message attached to them and the payment is often in the form of a cryptocurrency. This attack can cripple an economy if critical infrastructure is impacted, and businesses are often forced to shut down due to fines from global institutions.Meet LockBit 3.0
LockBit 3.0 is the latest version of the infamous LockBit Vishya. It is a faction of hackers who are well-organised and have been proficient at developing newer variants of the ransomware software. Hacking LockBit 3.0 is more difficult than its predecessors, as it has been made faster, stealthier, and more agile. LockBit 3.0 is undoubtedly a big shift in ransomware development, and competition within space is only expected to increase as more threat actors enhance their code to be more sophisticated.
How does LockBit 3.0 attack?
The primary infection vectors are e-mail attachments containing malicious hyperlinks, phishing pages and compromised websites. Once the device has been infected, it contacts a single point of contact over the internet and scans the network for its master. When a connection is established with the master server, it scans the system and encrypts the files leaving a ransomware note with instructions. Before encryption, the attackers will exfiltrate as much data as possible and use the threat of public embarrassment as a push factor for demanding a ransom.
LockBit 3.0 uses vulnerable or poorly secured systems to gain access. It also uses soft extracted Remote Desktop Protocols (RDP) to remain undetected within the victim’s environment.
Why is LockBit 3.0 different?
LockBit 3.0 introduces unique features that set it apart from earlier versions and other ransomware families. It incorporates advanced evasion techniques to avoid detection by anti-virus software and other security tools.
Additionally, it supports multiple languages, allowing it to target victims worldwide.
LockBit 3.0’s creators have also introduced a bug bounty program, offering rewards to anyone who identifies flaws in the ransomware or its infrastructure. This unusual approach demonstrates their confidence and commitment to improving their malicious software.
Who has been affected?
LockBit 3.0 has impacted organisations across various sectors, including healthcare, finance, manufacturing and government agencies. Victims range from small businesses to large institutions, often chosen based on their perceived ability to pay. High-profile incidents have highlighted the devastating consequences of these attacks, from data breaches to prolonged service outages. The widespread nature of LockBit 3.0 underscores the need for enhanced cybersecurity measures.
How can you stay safe?
Protecting yourself or your organisation from LockBit 3.0 requires a proactive approach. Here are some key steps:
• Conduct employee cybersecurity awareness training e.g. phishing awareness
• Enforce multi-factor authentication on all systems and applications
• Avoid visiting suspicious or unsecured websites
• Implement regular systems and data backups
• Ensure systems and applications software updates
• Enforce strong password policy
• Implement advanced endpoint detection and response tools; and
• Avoid opening suspicious links and attachments or responding to emails from unknown sources.
Why ransomware keeps increasing
Ransomware attacks continue to rise due to several factors.
First, the anonymity of cryptocurrency makes it easier for cybercriminals to demand and receive payments. Second, the Ransomware as a Service (RaaS) model lowers entry barriers, allowing less skilled hackers to launch attacks. Lastly, many organisations still lack robust cybersecurity defences, making them easy targets.
As long as ransomware remains profitable and challenging to trace, it will remain a preferred tool for cybercriminals.
What is next/recommendations?
The future of ransomware, including LockBit 3.0, likely involves even more advanced tactics. To stay ahead, individuals and organisations must prioritise cybersecurity. Governments and international bodies also need to strengthen regulations and collaborate to disrupt ransomware networks. This includes adopting zero trust, investing in threat intelligence, and promoting cyber security awareness.
By taking these steps, you can reduce the impact of ransomware like LockBit 3.0 and build a more secure digital future.
* Ednard Toivo is a Cybersecurity Specialist at the Communications Regulatory Authority of Namibia (CRAN).
** Opinion pieces and letters by the public do not necessarily reflect the editorial team’s opinion. The editors reserve the right to abridge original texts. All newspapers of Network Media Holdings adhere to the Code of Ethics for Namibian Media, a code established jointly with the Media Ombudsman.