Ransomware - LockBit 3.0 IOC's and TTP's - 20230317002¶
Overview¶
This advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) which are correlated with LockBit 3.0 ransomware as recently as March 2023.
What is vulnerable?¶
Since January 2020, LockBit has functioned as an affiliate-based ransomware variant; affiliates deploying the LockBit RaaS use many varying TTPs and attack a wide range of businesses and critical infrastructure organizations, which can make effective computer network defense and mitigation challenging.
What has been observed?¶
The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit.
CISA has sent out advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.
Recommendation¶
-
Prioritize remediating known exploited vulnerabilities.
-
Train users to recognize and report phishing attempts.
-
Enable and enforce phishing- resistant multifactor authentication.