What is Ransomware: LockBit 3.0 from CISA.gov

KingdomTaurusNews.com – A few days ago, there was an alleged attack from Ransomware: LockBit 3.0 on a BANK in Indonesia. What is Ransomware: LockBit 3.0?

What is Ransomware: LockBit 3.0

The LockBit 3.0 ransomware operation works as a Ransomware-as-a-Service (RaaS) model and is a continuation of the previous ransomware versions, LockBit 2.0, and LockBit.

Since January 2020, LockBit has served as an affiliate-based variant of the ransomware; affiliates implementing LockBit RaaS use multiple TTPs and attack business and organizational critical infrastructure, which can make effective computer network defense and mitigation challenging.

LockBit 3.0, also known as “LockBit Black,” is more modular and evasive than previous versions and shares similarities with the Blackmatter and Blackcat ransomware.

According to a CISA.gov report, LockBit 3.0 will only infect machines that do not have a language setting that matches the specified exclusion list.

However, whether the system language is checked at runtime is determined by the configuration flag that was initially set at compile time. The languages included in the exclusion list are, but not limited to, Romanian (Moldovan), Arabic (Syrian) and Tatar (Russian).

ALSO READ:  OPPO Reno11 Series 5G Will Get Generative AI in 2024

If a language from the exception list is detected, LockBit 3.0 will stop execution without infecting the system.

The FBI, CISA, and MS-ISAC recommend organizations to implement the mitigations below to improve your organization’s cybersecurity posture based on LockBit 3.0 activity.

  • Implement a recovery plan to maintain and store multiple copies of sensitive or proprietary data and servers in physically separate, segmented, and secure locations (e.g. hard drives, storage devices, cloud).
  • Require all accounts with password logins (for example, service accounts, admin accounts, and domain admin accounts) to comply with National Institute for Standards and Technology (NIST) standards (https://pages.nist.gov/800-63-3/ ).
  • Require phishing-resistant multi-factor authentication.
  • Keep all operating systems, software and firmware up to date.
  • Disable unused ports.
  • Disable hyperlinks in received emails.
ALSO READ:  5 Ways to Fix TikTok Errors, in Effects, Likes, Until Ads

And so on. You can read the details at the following link (https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a).

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

KTN TEAM - YOGI
KTN TEAM - YOGIhttps://www.kingdomtaurusnews.com
[YOGI APRILIO] Webmaster / Tech writer who loves mobile games

Latest articles

Related articles

TECH NEWS - KingdomTaurusNews.com