The LockBit ransomware group, which NCC Group estimated was responsible for 40% of all reported ransomware attacks in May 2022, recently launched a new iteration of its ransomware dubbed “LockBit 3.0.” The software is a Ransomware-as-a-Service (RaaS) offering that is already being used in new attacks in the wild. The ransom note file name has changed from “Restore-My-Files.txt” to a new format, “[id].README.txt.” In addition, the group added Zcash as a cryptocurrency payment option, a data extortion model, and a bug bounty program for the RaaS software, with rewards ranging from $1,000 to $1,000,000 for vulnerability findings and improvement ideas.
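The change in ransom note naming is the one concrete host-side indicator this brief gives, so the following is an added example (not code from the original post or from Binary Defense) of a small triage scanner that walks a directory tree and flags both the legacy “Restore-My-Files.txt” name and the new “[id].README.txt” format. The brief does not say what shape the “[id]” token takes, so the regular expression assumes an alphanumeric token; the sample directory tree is constructed inside the script and contains no real incident data.

```python
import os
import re
import tempfile

# Legacy LockBit note name named in the brief, and the new "[id].README.txt" format.
# The exact shape of "[id]" is not given in the brief; the pattern below assumes an
# alphanumeric token (assumption for this example). Matching is case-insensitive
# because the note is typically dropped on case-insensitive Windows file systems.
LEGACY_NOTE = "Restore-My-Files.txt"
NEW_NOTE_RE = re.compile(r"^[A-Za-z0-9]+\.README\.txt$", re.IGNORECASE)


def classify_note(filename):
    """Return 'legacy', 'new', or None for a bare file name (no directory part)."""
    if filename.lower() == LEGACY_NOTE.lower():
        return "legacy"
    if NEW_NOTE_RE.match(filename):
        return "new"
    return None


def find_ransom_notes(root):
    """Walk root and return a sorted list of (path, kind) for matching note names."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify_note(name)
            if kind:
                hits.append((os.path.join(dirpath, name), kind))
    return sorted(hits)


def build_sample_tree():
    """Constructed sample directory for the demo; not data from a real incident."""
    root = tempfile.mkdtemp(prefix="note_demo_")
    os.makedirs(os.path.join(root, "Documents"))
    sample_files = [
        "Documents/abc123.README.txt",  # new-format note (constructed id)
        "Documents/report.docx",        # ordinary user file
        "Restore-My-Files.txt",         # legacy note name
        "README.txt",                   # plain README, must NOT match
        "README.md",                    # ordinary project file
    ]
    for rel in sample_files:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for path, kind in find_ransom_notes(demo_root):
        print(f"{kind:6s} {path}")
```

A bare `README.txt` does not match because the pattern requires an id token before `.README.txt`, which keeps ordinary project files out of the hit list; a hit is still only a triage signal, since a victim-specific id cannot be known in advance, and should be followed by checks on file contents and on the process that wrote the note.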
RaaS continues to evolve as organizations and law enforcement agencies develop effective responses. By initiating a vulnerability program, LockBit 3.0 has created a more effective model for the development and maintenance of its illicit ransomware software. In addition, ransomware operators and affiliates have recently been shifting to the data extortion model because it significantly reduces the time such criminals spend in a target environment. A data extortion breach is often conducted within several days on average, approximately five times shorter than the average dwell time for a ransomware breach, which requires gaining access to several endpoints and backups in order to disable them effectively. Organizations are recommended to continue security best practices, including a defense-in-depth program with post-exploitation detection capabilities, such as the MDR, SOC, and Threat Hunting services offered by Binary Defense.