The HC3 has issued an advisory to warn healthcare organizations about attacks involving LockBit 3.0 ransomware. One of the prominent features of ransomware includes the triple-extortion model.

Top highlights

  • In the threat brief, the HHS highlights that LockBit 3.0 first appeared in June and contains many of the same functions as the earlier LockBit 2.0 variant. 
  • The malware appears to be utilizing features of another well-known ransomware, BlackMatter, such as the ability to send ransom notes to a printer on the network, delete volume shadow copies, and obtain the victim’s operating system details, along with several debugging features. 

Know its attack vectors?

  • The frequent attack vectors associated with ransomware are phishing, Remote Desktop Protocol (RDP), credentials, and known vulnerabilities. 
  • Once on the network, the ransomware attempts to download C2 tools such as Cobalt Strike, Metasploit, and Mimikatz. 

Latest activities observed

LockBit 3.0 operators suffered a major blow after the builder code of the ransomware was leaked in October. This indicated the misuse of source code to create new variants of ransomware.
  • One such activity was noticed by the Bl00dy ransomware gang that created its own version of the ransomware by modifying the configuration module.  
  • Meanwhile, the LockBit ransomware gang continues to make persisting attacks against organizations across multiple sectors. 
  • Recently, the gang claimed to have posted 75GB of data stolen from the department of finance in California. The exfiltrated data includes confidential, financial, and IT documents.

The bottom line

The federal agency has shared sources for indicators of compromise. Organizations should stay updated about the same and implement required security measures to protect network perimeters and critical systems.
Cyware Publisher