HHS issued a brief Dec. 12 warning healthcare organizations about the cybersecurity risks associated with ransomware group LockBit 3.0.
Seven things to know about LockBit 3.0:
- LockBit 3.0 frequently targets organizations in the healthcare industry.
- LockBit 3.0, also referred to as LockBit Black, was discovered in June 2022.
- LockBit 3.0 is the newest version of the LockBit ransomware that was first discovered in September 2019.
- The new version has been using a triple extortion model where the affected victim may be asked to purchase their sensitive information back from the group.
- The group also operates with the ransomware-as-a-service model, where they work with affiliates who may not already have the resources for creating and deploying attacks. In this situation, a percentage of the ransom the group gets from the victim goes back to the affiliated hacker.
- The motivation behind their attacks is financial gain.
- The latest version of the group's ransomware may also feature capabilities of BlackMatter ransomware.