The National Cyber Security Centre (NCSC) has joined CERT-NZ(external link) and international partners the U.S. Cybersecurity and Infrastructure Security Agency (CISA(external link)), the Federal Bureau of Investigation (FBI(external link)), the Multi-State Information Sharing and Analysis Center (MS-ISAC(external link)), and the cyber security authorities of Australia(external link), Canada(external link), United Kingdom(external link), Germany(external link), and France(external link) to publish a joint Cybersecurity Advisory entitled Understanding Ransomware Threat Actors: LockBit(external link). This joint advisory is a comprehensive resource with common tools, exploitations, and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organisations to reduce the likelihood and impact of future ransomware incidents.
Threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023, have attacked organisations of various sizes across a wide array of critical infrastructure sectors. To help organisations understand and defend against this global threat and its large number of unconnected LockBit affiliates, this advisory includes:
- A list of approximately 30 freeware and open-source tools used by LockBit actors,
- More than 40 of their TTPs mapped to MITRE ATT&CK,
- Observed common vulnerabilities and exposures (CVEs) used for exploitation,
- An evolution of LockBit RaaS along with worldwide trends and statistics, and
- Resources and services available from authoring agencies and recommended mitigations to help protect against the worldwide LockBit activity.
“The National Cyber Security Centre (NCSC), part of New Zealand’s Government Communications Security Bureau, shares international partners' focus on addressing ransomware. The NCSC welcomes this advisory, which reflects the experience of our partners and the NCSC’s learnings from helping organisations address LockBit’s impact in New Zealand,” said Lisa Fong, Deputy Director-General, NCSC-NZ. “These combined learnings will help ensure organisations have the best information to increase their resilience to the threat from ransomware. Helping build cyber security resilience through the sharing of cyber threat information is a key part of the NCSC’s focus, and we encourage all readers to apply the mitigations set in this advisory.”
CERT NZ Director Rob Pope said that businesses in New Zealand need to be aware of this and take action. “Ransomware is one the most devastating things that can happen to an organisation and we need to ensure that our countries are resilient to these attacks.”
-
Read or download the joint advisory at CISA's website: Understanding Ransomware Threat Actors: LockBit
For queries related to this joint advisory, please contact: info@ncsc.govt.nz