The LockBit 3.0 ransomware is more invasive than its previous versions and is capable of dismantling malware detection, federal officials warn.
The FBI, CISA and the Multi-State Information Sharing and Analysis Center released a joint advisory March 16 warning healthcare organizations of LockBit 3.0's new tactics. Here are eight things to know:
- The LockBit 3.0 ransomware operates as a ransomware-as-a-service model.
- The group is a continuation of LockBit 2.0 and LockBit.
- LockBit 3.0 shares similarities with other ransomware groups such as Blackmatter and Blackcat ransomware.
- LockBit 3.0 ransomware gains access to networks via remote desktop protocol exploitation.
- LockBit 3.0 attempts to spread across a victim's networks.
- LockBit 3.0 can hinder malware detection.
- LockBit and its affiliates have been using freeware and open-source tools during their hacks.
- The organizations recommend healthcare organizations to test and validate its security program against the threat behaviors in order to mitigate attacks from LockBit 3.0.