CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.

CyberWire Daily

N2K Networks, Inc.

News, Daily News, Tech News, Technology

4.8 • 1.1K Ratings

🗓️ 18 March 2023

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023. AA23-075A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This is a CISA Cybersecurity Alert.
0:14.0	ID number Alpha Alpha 23 TAC 075 Alpha.
0:20.0	Original release date, March 16th, 2023.
0:24.0	CISA, FBI, and the Multistate Information Sharing and Analysis Center are releasing this joint advisory to share known
0:33.9	Lockbit 3.0 Ransomware IOCs and TTPs identified through FBI investigations as recently as March
0:39.8	2023.
0:42.2	The Lockbit 3.0 Ransomware Operations function as a Ransomware
0:45.6	as a service model and is a continuation of previous versions of the
0:48.5	ransomware, Lockbit 2.0 and the original Lockbit.
0:51.8	Since January 2020 original Lockbit.
0:53.0	Since January 2020, Lockbit has functioned as an affiliate-based ransomware variant.
0:58.2	Affiliates deploying the Lockbit ransomware use many varying TTPs and attack a wide
1:01.8	range of businesses and critical infrastructure
1:03.8	organizations which make effective defense and mitigation challenging.
1:08.6	Lockbit Black, is more modular and evasive than its previous versions and shares similarities
1:14.5	with Black Matter and Black Cat Ransom.
1:18.1	Lockbit 3.0 is configured upon compilation with many different options that determine the
1:21.9	behavior of
1:22.5	ransomware. Upon actual execution of the ransomware within a victim
1:26.1	environment, various arguments can be supplied to further modify the
1:29.2	behavior of the ransomware. The alert documentation linked in the show notes includes a full
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.