U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise and tactics, techniques, and procedures associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit," the authorities said.
LockBit ransomware has claimed a cyber attack on Essendant, a wholesale distributor of office products, after a "significant" and ongoing outage knocked the company's operations offline. As earlier reported by BleepingComputer, Essendant's widespread network outage has been preventing placement or fulfillment of online orders, and impacting both the company's customers and suppliers.
Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian threat actor, LockBit has stepped out from the shadows of the Conti ransomware group, which was disbanded in early 2022.
Ransomware gang LockBit has boasted it broke into Maximum Industries, which makes parts for SpaceX, and stole 3,000 proprietary schematics developed by Elon Musk's rocketeers. The prolific cybercrime crew also mocked the SpaceX supremo, and threatened to leak or sell on the blueprints from March 20 if the gang's demands to pay up aren't met.
Threat actors are promoting a new 'Exfiltrator-22' post-exploitation framework designed to spread ransomware in corporate networks while evading detection. Threat analysts at CYFIRMA claim that this new framework was created by former LockBit 3.0 affiliates who are experts in anti-analysis and defense evasion, offering a robust solution in exchange for a subscription fee.
The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail - but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims. LockBit even published a page bragging of an attack against fintech firm ION without directly acknowledging the Royal Mail attack earlier this week - though that's now changed, according to Reuters.
The LockBit ransomware operation has claimed the cyberattack on the UK's leading mail delivery service, Royal Mail, that forced the company to halt its international shipping services due to "severe service disruption." This comes after LockBitSupport, the ransomware gang's public-facing representative, previously told BleepingComputer that the LockBit cybercrime group did not attack Royal Mail.
UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up. According to a statement posted on ION Market's website, its ION Cleared Derivatives division "experienced a cybersecurity event" on January 31.
The LockBit ransomware gang has again started using encryptors based on other operations, this time switching to one based on the leaked source code for the Conti ransomware. This week, cybersecurity collective VX-Underground first reported that the ransomware gang is now using a new encryptor named 'LockBit Green,' based on the leaked source code of the now-disbanded Conti gang.
The LockBit ransomware operation has again taken center stage in the ransomware news, as we learned yesterday they were behind the attack on Royal Mail. Yesterday, we learned that this disruption was caused by a LockBit ransomware attack that encrypted the computers used to print customs dockets required for international shipping.