[CDP-development] FBI Liaison Alert System (FLASH) - Indicators of Compromise Associated with Lockbit 2.0 Ransomware - TLP: WHITE

MASSE, THERESA theresa.masse at cisa.dhs.gov
Fri Feb 4 10:16:41 PST 2022


FYSA

The FBI has released the attached FLASH report containing indicators of compromise for the LockBit 2.0 ransomware.

LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero-day exploits. After compromising a victim network, LockBit 2.0 actors use publicly available tools such as Mimikatz to escalate privileges. The threat actors then use both publicly available and custom tools to exfiltrate data followed by encryption using the LockBit malware. The actors always leave a ransom note in each affected directory within victim systems, which provides instructions on how to obtain the decryption software. The ransom note also threatens to leak exfiltrated victim data on the LockBit 2.0 leak site and demands a ransom to avoid these actions.

Document Number: FLASH-CU-000162-MW

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov

-------------- next part --------------
A non-text attachment was scrubbed...
Name: FLASH-CU-000162-MW_TLP_White.pdf
Type: application/pdf
Size: 1932405 bytes
Desc: FLASH-CU-000162-MW_TLP_White.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220204/18d69d02/attachment-0001.pdf>

