What is the Lockbit ransomware threat and what should you do about it?

Hardly a day goes by without news of some new ransomware threat or other. It’s tempting to trust your firewall and security team to take care of it, but awareness is part of that security.

Knowing the threats, the vectors and how to mitigate against them is a key part of cybersecurity and everyone is responsible for that.

The latest threat on the move is the Lockbit ransomware threat.

So what is it, what does it do and how can you protect your business from it?

What is the Lockbit ransomware threat?

Lockbit is serious enough that the National Cyber Security Centre (NCSC) published an advisory on it.

Paul Chichester, NCSC Director of Operations, said:

“Ransomware remains a major threat to businesses worldwide, including in the UK, and the Lockbit operation has been the most active, with widespread consequences.

“It is essential for organisations to understand the serious consequences that ransomware attacks can have on their operations, finances and reputation.

“This advisory, issued with our international partners, emphasises the importance of network defenders taking the recommended actions to establish effective protections against such attacks.”

Lockbit ransomware

Lockbit is ransomware in a virus. It was the most common ransomware detected in 2022 and is still going strong in 2023.

It began life as the ABCD ransomware before being further developed and splintering off into its own variant.

It’s one of the newer ransomware-as-a-service (RaaS) variants, where bad actors pay monthly to access the resources to attack businesses.

Much like you pay per month for Office 365 or Microsoft 365, these bad actors pay someone for access to ransomware code and servers.

The virus part is the most troubling. The code can work by itself, identify vulnerabilities on its own and self-propagate once inside a network.

What does Lockbit ransomware do?

The ransomware itself is very smart. It can scan servers and entire organisations for vulnerabilities. It will then inject code into systems it can access and lock them down.

It has 3 key stages:

  1. Exploit
  2. Infiltrate
  3. Deploy


Exploit

Lockbit will usually be deployed by phishing or infected links. Once inside the system, it will scan for connected systems and network vulnerabilities.

Infiltrate

Once these are identified, Lockbit will replicate itself and spread as far as it can without being detected. It doesn’t go active yet; it’s more concerned with spreading.

It can detect and identify network security measures and disable some of them. It can fly under the radar of others.

Once in a system, it creates root access to whatever system it’s in, ready to deploy.

Deploy

Once it has spread as far as it can and prepared the way, Lockbit will then lock down all system files and encrypt them.

From that moment on, you lose all access to files within that system and will only be able to access them with a decryption key from the hacker.

As you would expect, the price for that key can be steep!

Lockbit looks and acts just like Windows subsystems, so it is very difficult to detect.

There have also been instances where Lockbit code has hidden itself inside a PNG image file, making it almost impossible for endpoint security to detect and eliminate.

Once inside a system, it encrypts data and locks everything down until the company pays the ransom.

It’s a very targeted threat that seems to like going after corporations, multinationals and governments. It is also a very sophisticated attack.

How can you protect your business from Lockbit?

The easiest way to protect your business from Lockbit is to work with a security partner with a track record in protecting clients and mitigating against most threats.

Cloud-hosted applications within Cloud Heroes’ systems enjoy robust, multi-layered protection, including from threats like Lockbit.

You can also protect systems by:

  1. Investing in network security and scanning
  2. Using strong passwords for every system
  3. Using multifactor authentication wherever possible
  4. Using the principle of least trust for all users
  5. Regularly performing housekeeping of old accounts
  6. Ensuring systems use best practices for setup and configuration
  7. Performing full and incremental backups of all data
  8. Creating a business continuity plan that includes ransomware

While that may seem a lot, all these steps increase your overall data security and will go a long way to protecting you from all threats, not just from Lockbit.

If you need help, advice or a solution to help protect your business from Lockbit or other threats, contact Cloud Heroes today!
