Lockbit 3.0 Ransomware: What you need to know

By: Ednard Toivo

Ransomware is malicious software (malware) designed to block access to a computer system or its data until a ransom has been paid. It is targeted against individuals, corporations, and governments, among others. Once a ransomware attack occurs, victims usually find their files encrypted with a payout message attached to them, and the payment is often made in the form of cryptocurrency.

This attack can weaken an economy if critical infrastructure is impacted, and businesses are often forced to shut down due to fines from global institutions. It is a faction of hackers who are well-organised and proficient at developing newer variants of ransomware software. Hacking LockBit 3.0 is more difficult than its predecessors, as it has been made faster, stealthier, and more agile.

LockBit 3.0 is undoubtedly a big shift in ransomware development, and competition within space is only expected to increase as more threat actors enhance their code to be more sophisticated.

How Does LockBit 3.0 Attack?

The primary infection vectors of LockBit 3.0 are email attachments containing malicious hyperlinks, phishing pages and compromised websites. Once the device has been infected with the ransomware, it contacts a single point of contact over the internet and scans the network for its master. When a connection is established with the Controller server, it scans the system and encrypts the files, leaving a ransomware note with instructions. Before the encryption of files, the attackers would exfiltrate as much data as possible and use the threat of public embarrassment as a push factor for demanding a ransom.
LockBit 3.0 uses vulnerable or poorly secured systems to gain access, it also uses soft extracted Remote Desktop Protocols (RDP) to remain undetected within the victim’s environment.

Why Is LockBit 3.0 Different?

LockBit 3.0 introduces unique features that differentiate it from earlier versions and other ransomware families. It incorporates advanced evasion techniques to avoid detection by anti-virus software and other security tools. Additionally, it supports multiple languages, allowing it to target victims worldwide.
LockBit 3.0’s creators have also introduced a bug bounty program, rewarding anyone who identifies ransomware or its infrastructure flaws. This unusual approach demonstrates their confidence and commitment to improving their malicious software.

Who Has Been Affected?

LockBit 3.0 has impacted organisations across various sectors, including healthcare, finance, manufacturing, and government agencies. The ransomware’s victims range from small businesses to large institutions, often chosen based on their perceived ability to pay. High-profile incidents have highlighted the devastating consequences of these attacks, from data breaches to prolonged service outages. The widespread nature of LockBit 3.0 underscores the need for enhanced cybersecurity measures.

How Can You Stay Safe?

Protecting yourself or your organisation from LockBit 3.0 requires a proactive approach.

Here are some key steps:

* Conduct employee cybersecurity awareness training e.g. phishing awareness
* Enforce multi-factor authentication on all systems and applications
* Avoid visiting suspicious or unsecured websites
* Implement regular systems and data backups
* Ensure systems and applications software updates
* Enforce strong password policy
* Implement advanced endpoint detection and response tools and
* Avoid opening suspicious links and attachments or responding to emails from unknown sources.

Why Ransomware Keeps Increasing

Ransomware attacks continue to rise due to several factors.
First, the anonymity of cryptocurrency makes it easier for cybercriminals to demand and receive payments. Second, the ransomware as a Service (RaaS) model lowers entry barriers, allowing less skilled hackers to launch attacks.

Lastly, many organisations still lack robust cybersecurity defences, making them easy targets. As long as ransomware remains profitable and challenging to trace, it will remain a preferred tool for cybercriminals.

What is Next/Recommendations?

The future of ransomware, including LockBit 3.0, will likely involve even more advanced tactics. To stay ahead, individuals and organisations must prioritise three cybersecurity. Governments and international bodies must also strengthen regulations and collaborate to disrupt ransomware networks.

Here are some recommendations:

* Adopt Zero Trust
* Invest in Threat Intelligence
* Promote Cyber Security Awareness
By taking these steps, we can reduce the impact of ransomware like LockBit 3.0 and build a more secure digital future.

Ednard Toivo Cybersecurity Specialist Communications Regulatory Authority of Namibia (CRAN)