Security News > 2023 > June > CISA advisory on LockBit: $91 million extorted from 1,700 attacks since 2020

LockBit - a ransomware-as-a-service operation that has extorted $91 million from some 1,700 attacks against U.S. organizations since 2020, striking at least 576 organizations in 2022 - gives customers a low-code interface for launching attacks.

The cybersecurity advisory noted that LockBit attacks have impacted the financial services, food, education, energy, government and emergency services, healthcare, manufacturing and transportation sectors.

In the U.S. last year, LockBit constituted 16% of state and local government ransomware incidents reported to the MS-ISAC, including ransomware attacks on local governments, public higher education and K-12 schools and emergency services.

Since LockBit engages in double extortion-style attacks, in which attackers using the ransomware both lock databases and exfiltrate personally identifiable information with threats to publish unless paid, data leak sites are a prominent element in the threat group's RaaS exploits.

The advisory noted that, because leak sites only show the portion of LockBit victims subjected to extortion who refuse to pay the primary ransom to decrypt their data, the sites reveal only a slice of the total number of LockBit victims.

"For these reasons, the leak sites are not a reliable indicator of when LockBit ransomware attacks occurred," said the advisory's authors, noting the data dump onto leak sites may happen months after the ransomware attacks that generated the information.

News URL

https://www.techrepublic.com/article/cisa-advisory-lockbit/