Feds Share Current Threat Intelligence on LockBit 3.0 Ransomware and $10.3 Billion Losses Due to Cybercrime

The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing & Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA), issued a joint cybersecurity alert about LockBit 3.0 ransomware, also referred to as LockBit Black.

The LockBit ransomware gang has been active since September 2019. The group carried out more attacks than any other ransomware operation in 2022, and it is estimated that LockBit ransomware is linked to about 40% of all ransomware attacks worldwide. The group is thought to have conducted over 1,000 attacks on companies in the United States and to have earned over $100 million in ransom payments.

LockBit is a ransomware-as-a-service operation: affiliates conduct the attacks in exchange for a percentage of the ransom payments. The group uses double extortion tactics, stealing files before encryption and threatening to publish or sell the stolen data if no ransom is paid. Victims are generally small- to medium-sized companies, though large companies have also been attacked. The average ransom demand is about $85,000 per victim.

The ransomware is under active development: LockBit 2.0 was released in 2021, followed by LockBit 3.0 in June 2022. LockBit 3.0 has attributes comparable to those of BlackMatter ransomware, and it is likely that some of the same code was reused. Initial access to victim systems is obtained through a variety of methods, including purchasing access from initial access brokers, insider access, exploitation of unpatched and zero-day vulnerabilities, Remote Desktop Protocol (RDP) exploitation, and phishing. To exfiltrate stolen data, affiliates make use of:

  • Stealbit – a customized data exfiltration tool
  • rclone – an open-source cloud storage management tool
  • MEGA – a publicly available file sharing service

The group was responsible for the attacks on the following companies and others:

  • Continental – the German auto parts manufacturer
  • Advanced – the NHS vendor, which impacted 16 clients in the medical and social care market
  • Accenture – IT company
  • UK’s Royal Mail

In December 2022, an affiliate of LockBit attacked The Hospital for Sick Children (SickKids) in Toronto. The group sent an apology to the victim and provided a free decryptor, saying it had expelled the affiliate for breaking its rules, which forbid attacks on healthcare organizations where an attack could result in death, such as cardiology centers, maternity hospitals, and neurosurgical departments. The group does, however, permit attacks on pharmaceutical companies, plastic surgeons, and dentists. These rules are not always enforced: LockBit affiliates have attacked hospitals in the past without providing free decryptors, for example in the attack on France’s Centre Hospitalier Sud Francilien (CHSF).

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released a threat analyst note regarding LockBit 3.0 in December 2022 after becoming aware of attacks on the Healthcare and Public Health (HPH) sector, and regardless of the group’s statements, HC3 believes LockBit 3.0 poses a threat to the HPH sector. The joint cybersecurity advisory from CISA, the FBI, and MS-ISAC provides information on the most recent tactics, techniques, and procedures (TTPs) linked to the group, Indicators of Compromise (IoCs) and technical details for network defenders, and recommended mitigations for improving cybersecurity posture.

FBI: $10.3 Billion in Losses Due to Cybercrime Represents a 49% Increase in 2022

The Federal Bureau of Investigation (FBI) has published its 2022 Internet Crime Report. According to the report, cybercrime in 2022 resulted in $10.3 billion in losses, 49% ($3.4 billion) more than in 2021, even though the number of complaints fell by 5% to 800,944. Over the last 5 years, the FBI Internet Crime Complaint Center (IC3) has recorded over $27.6 billion in losses from 3.26 million complaints.

According to the FBI’s report, ransomware complaints decreased by 36% year-over-year, from 3,729 in 2021 to 2,385 in 2022. Despite this decrease, the FBI states that ransomware still presents a substantial risk, particularly to the healthcare industry, which was the most targeted of the 16 critical infrastructure sectors in 2022 and saw a rise in complaints. Healthcare organizations filed 210 ransomware complaints with IC3 in 2022, up from 148 in 2021.

The FBI has observed more double extortion tactics in ransomware attacks, in which the attacker steals data before encrypting files and demands payment both for the decryption keys and to prevent the exposure or sale of the stolen data. LockBit was linked to 149 reported ransomware attacks, ALPHV/BlackCat was linked to 114 attacks, and Hive was linked to 87 attacks.

A number of cybercriminal groups that have conducted ransomware attacks in the past have turned to extortion-only attacks, stealing data and demanding a ransom without encrypting files. The FBI’s records indicate extortion complaints have stayed flat, rising only slightly from 39,360 (2021) to 39,416 (2022).

Phishing remains one of the most common attack methods, with 300,497 incident reports, although phishing complaints dropped by 7% year over year. Even with that decrease, phishing remains the most prevalent crime type by victim count, with 58,859 complaints, while non-delivery/non-payment accounts for 51,679 complaints.

Business email compromise (BEC) placed 9th among all crime types by number of complaints; however, it placed 2nd by reported losses. In 2022, losses due to BEC attacks totaled $2,742,354,049. BEC complaints grew by 9% year-over-year, though losses from these frauds decreased by 14.5%. BEC was overtaken this year by investment fraud, which had $3,311,742,206 in reported losses, 127% higher than in 2021. The FBI reports an unprecedented rise in cryptocurrency investment schemes in 2022, in both victim count and losses.

There was also a significant rise in tech support scams in 2022, which moved up to 3rd place by losses. Tech support scam complaints increased by 36% year-over-year to 32,538, and losses from these incidents increased by about 132% to $806,551,993.

The FBI emphasized the importance of reporting cybercrime of any type, since verified reports allow the FBI to attempt to recover losses. The IC3 Recovery Asset Team (RAT) achieved a 73% success rate in freezing funds and limiting losses: of $590.62 million in reported losses across 2,838 cases, $433.30 million was frozen.