www.securin.io Open in urlscan Pro
3.168.73.82  Public Scan

Submitted URL: https://www.securin.io/articles/all-about-lockbit-ransomware/#:~:text=LockBit%20is%20known%20for%20its
Effective URL: https://www.securin.io/articles/all-about-lockbit-ransomware/
Submission: On December 03 via api from IN — Scanned from US

Form analysis 6 forms found in the DOM

Text Content

 * Products
   * Attack Surface Management
   * Vulnerability Intelligence
   
   
   ATTACK SURFACE MANAGEMENT
   
   
   
   Our ASM platform discovers, analyzes, prioritizes, & offers remediation plans
   for exposures in your known & unknown assets.
   
   SIGN-UP FOR ASM
   
   
   
   
   VULNERABILITY INTELLIGENCE
   
   
   
   Our VI platform delivers threat intelligence & context on the latest cyber
   threats providing you with actionable insights for remediation.
   
   REQUEST A DEMO
 * Services
   * Vulnerability Management
   * Penetration Testing
   
   
   VULNERABILITY MANAGEMENT
   
   
   
   Our vulnerability management continually detects, prioritizes, & plans
   remediation to protect your entire IT landscape.
   
   
   
   
   
   PENETRATION TESTING
   
   
   
   Our penetration testing simulates a real-world attack on your digital assets
   to determine the strength of your security & defenses.

 * Use Cases
   * Attack Surface Management
   * Continuous Attack Surface Reduction
   * Discovery of Known & Unknown Assets
   * Assets with Known Ransomware and Exploitable Vulnerabilities
   * Non-Production Systems Exposed to the Public
   * Monitor Subsidiaries & Acquisitions
   * Vulnerability Intelligence
   * Early Warning Risk Alerts
   * Vulnerability Prioritization
   * Tech Stack Alerting
   * Actionable Threat Intelligence
   * Penetration Testing
   * Network & Infrastructure Penetration Testing
   * Meet your Compliance Requirements
   * Test Your Security Resilience
   * Protect Intellectual Property
   * Vulnerability Management
   * Manage Vulnerabilities & Exposures
   * Network & Application Vulnerability Management
   * Threat & Vulnerability Advisories
   * Vulnerability Validation & False Positive Elimination
   Continuous Attack Surface Reduction
   Discovery of Known & Unknown Assets
   Assets with Known Ransomware & Exploitable Vulnerabilities
   Non-Production Systems Exposed to the Public
   Monitor Subsidiaries & Acquisitions
   Manage Vulnerabilities & Exposures
   Network & Application Vulnerability Management
   Threat & Vulnerability Advisories
   Vulnerability Validation & False Positive Elimination
   
   Early Warning Risk Alerts
   Vulnerability Prioritization
   Tech Stack Alerting
   Actionable Threat Intelligence
   Network & Infrastructure Penetration Testing
   Meet your Compliance Requirements
   Test Your Security Resilience
   Protect Intellectual Property
   
   
 * Partners
   * Partner Program
   * Become a Partner
   * Register a Deal
   
   
   PARTNERS
   
   
   
   As a partner led organization, we are committed to working with our partners
   to deliver world-class early warning security intelligence solutions that
   eliminate the adversary advantage & deliver superior security outcomes for
   your clients.
   
   
   Partner Program
   Become a Partner
   Register a Deal
 * Resources
   * Reports
   * Zero Days
   * Articles
   * Patch Watch
   * Webinars & Podcasts
   * Media Coverage
   * Vulnerability Notices
   
   
   RESOURCES
   
   
   Reports
   Zero Days
   Articles
   Patch Watch
   Webinars & Podcasts
   Glossary
   Media Coverage
   Vulnerability Notices
 * About
   * Overview
   * Careers USA
   
   
   WHO WE ARE
   
   
   Overview
   
   
   
   
   CAREERS
   
   
   USA OPPORTUNITIES


   Threat & Vulnerability Advisories
   Vulnerability Validation & False Positive Elimination
   
   Early Warning Risk Alerts
   Vulnerability Prioritization
   Tech Stack Alerting
   Actionable Threat Intelligence
   Network & Infrastructure Penetration Testing
   Meet your Compliance Requirements
   Test Your Security Resilience
   Protect Intellectual Property
   
   
 * Partners
   * Partner Program
   * Become a Partner
   * Register a Deal
   
   
   PARTNERS
   
   
   
   As a partner led organization, we are committed to working with our partners
   to deliver world-class early warning security intelligence solutions that
   eliminate the adversary advantage & deliver superior security outcomes for
   your clients.
   
   
   Partner Program
   Become a Partner
   Register a Deal
 * Resources
   * Reports
   * Zero Days
   * Articles
   * Patch Watch
   * Webinars & Podcasts
   * Media Coverage
   * Vulnerability Notices
   
   
   RESOURCES
   
   
   Reports
   Zero Days
   Articles
   Patch Watch
   Webinars & Podcasts
   Glossary
   Media Coverage
   Vulnerability Notices
 * About
   * Overview
   * Careers USA
   
   
   WHO WE ARE
   
   
   Overview
   
   
   
   
   CAREERS
   
   
   USA OPPORTUNITIES


X

Login to Securin


ALL ABOUT LOCKBIT RANSOMWARE

 * All About Ransomware Series, APT Groups, CISA KEVs, Cyberwar, IoCs, LockBit
   Ransomware, Malware, ransomware

 * Dec 1, 2023

Originally Published on Mar 23, 2022.

LockBit Ransomware is one of the few ransomware groups employing self-spreading
malware technology and double encryption. After its recent attacks on the
Aerospace giant, Boeing, the Italian Revenue Agency and digital security giant,
Entrust, LockBit has only gained momentum, as they hunt for their next victim.
Read on to learn how to protect your network from LockBit attacks.

One of the most prolific ransomware groups in recent times, LockBit ransomware
began its spree of attacks as recently as September 2019. The group is
financially motivated and does not shy away from going after bigger,
high-profile enterprises and companies. Their latest attack weapon is the
CitrixBleed vulnerability (CVE-2023-4966), which the group used to wage attacks
on Industrial and Commercial Bank of China (ICBC), DP World, Allen & Overy, and
Boeing, among many others.

LockBit is known for many of its unique characteristics – sophisticated
technology, extortion methods, and high-severity cyber attacks. The group is
backed by hundreds of affiliates who take care of the ‘breaking in’ phase, that
is, infiltration into vulnerable networks. From there, LockBit operators depend
on their ransomware code, which has today become one of the best for stealthily
creeping through networks, before adopting multiple effective extortion
strategies.

LockBit’s attack presence is seen globally, including Australia, Canada, New
Zealand and the United States. Intermittently, the attack spree pauses for a
brief period during which their ransomware technology receives superior
upgrades, ready to combat advancements in a company’s defense. Their recent
attack strategy and frequency make LockBit a formidable predator in the cyber
realm and a determined adversary.




IN THIS BLOG:

 * How Dangerous is LockBit Ransomware?
 * Ransomware Variants
 * How Does LockBit Ransomware Attack?
 * LockBit Ransomware MITRE ATT&CK Techniques
 * LockBit Cheat Sheet
   * Vulnerability Details
   * Recent Attacks 
 * How to Detect LockBit in Your Environment
 * What can Organizations do to Prevent a LockBit Attack?





HOW DANGEROUS IS LOCKBIT RANSOMWARE?

Being one of the most active ransomware groups today, LockBit has a variety of
tactics and technologies to attack the biggest agencies in any industry. Here
are some tools, techniques, and procedures that make LockBit a dangerous
adversary:

 * StealBit: The threat gang introduced StealBit, a malware tool used for
   encryption in the LockBit 2.0 version. It is believed to be the fastest and
   most efficient encryption tool.

 * Spreads Fast: StealBit spreads to other devices in the network automatically,
   using tools like Windows PowerShell and Server Message Block (SMB), which
   makes it difficult to contain immediately.

 * Attacks Windows and Linux: Initially, they had targeted only Windows systems,
   but LockBit 2.0 was improved to attack Linux systems as well.

 * Evasion Tactics: Their evasion tactics are well strategized, making it hard
   to get flagged by the system defenses.

 * Bug Bounty: LockBit conducts bug bounty programs to improve their defenses
   and establish that they are professional hackers. Anyone who finds a flaw in
   their malware kit is rewarded generously.

 * Marketing: They actively market towards affiliates to join them and carry out
   attacks. These marketing activities have garnered quite the attention and
   work well for the group in getting highly-skilled threat actors.

 * ZCash: LockBit 3.0 introduced ZCash payment options for collecting ransom
   from victims, as well as for paying their affiliates, with less disruption
   from law enforcement.

 * Double Extortion: LockBit is known for its double extortion technique wherein
   they steal data and also encrypt the system data making it harder for victims
   to recover it. 

 * Triple Extortion: In August 2022, LockBit announced that it would use triple
   extortion on its victims via data leaks, encryption, and DDoS attacks.

 * File Deletion: A notable tactic of the third version of LockBit includes a
   file deletion technique, where instead of using cmd.exe to execute a batch
   file to perform the deletion.

 * Exfiltrator-22: A new attack framework was created by affiliates of the
   former LockBit 3.0 operation that includes features found commonly in other
   post-exploitation toolkits, but has added features that enhance ransomware
   deployment and data theft. The EX-22, as it is referred to, is designed to
   spread ransomware quickly in corporate networks while evading detection.

 * AV and EDR: The LockBit ransomware group started a campaign in early January
   2023 that used combinations of techniques effective against AV and EDR
   solutions.

 * Exfiltrate Data: In a recent campaign, the LockBit gang introduced a new
   method to allow it to exfiltrate data from high-profile organizations by
   bypassing the Mark of The Web (MOTW) protection mechanism.

 * Avoids Certain Languages: LockBit 3.0 also checks the victim’s UI language
   before carrying out an attack. They avoid infecting systems with the
   following languages:
   * Arabic (Syria)
   * Armenian (Armenia)
   * Azerbaijani (Cyrillic Azerbaijan)
   * Azerbaijani (Latin Azerbaijan)
   * Belarusian (Belarus)
   * Georgian (Georgia)
   * Kazakh (Kazakhstan)
   * Kyrgyz (Kyrgyzstan)
   * Romanian (Moldova)
   * Russian (Moldova)
   * Russian (Russia)
   * Tajik (Cyrillic Tajikistan)
   * Turkmen (Turkmenistan)
   * Tatar (Russia)
   * Ukrainian (Ukraine)
   * Uzbek (Cyrillic Uzbekistan)
   * Uzbek (Latin Uzbekistan)





RANSOMWARE VARIANTS

LockBit started out as an ABCD crypto virus in 2019. LockBit’s primary targets
were private enterprises and government organizations in the United States,
China, India, Indonesia, Ukraine, and Europe, with crypto as the demanded form
of ransom. In 2019 and 2020, Windows systems in healthcare and financial
institutions bore the brunt of LockBit attacks. The ransomware group took a
brief hiatus to work on their malware kit and to improve their operations. Thus
far, two other LockBit versions have been released with attack methodologies
superior to the preceding ones.

LockBit version 2.0

LockBit version 2.0 was released in June 2021 and was used for attacks in Chile,
Taiwan, and the UK. In this version, LockBit introduced the double extortion
technique and automatic encryption of devices across Windows domains. In October
2021, LockBit began infiltrating Linux servers as well, targeting ESXi servers. 

LockBit version 3.0 (LockBit Black)

In June 2022, LockBit released yet another upgraded version of the ransomware
with a bug bounty program, Zcash payments, and new extortion tactics. The new
version derives from other ransomware such as BlackMatter and DarkSide and has
anti-analysis techniques to evade detection, passwordless execution, and a
built-in command-line argument feature.

A desktop wallpaper applied by LockBit 3.0 on a victim’s system

This new version of the ransomware was used in the attacks on the Italian
Revenue Agency and a county office in Ontario, Canada. In this version, LockBit
has included Denial-of-Service attacks as a method to extort from victims in
addition to encryption and data leaks.

In September 2022, an allegedly disgruntled developer leaked the builder for
LockBit 3.0’s encryptor on Twitter. The developer was reportedly unhappy with
the group’s leadership and leaked the private data. This is a blow to the
ransomware group, as the builder data allows anyone to start their own
ransomware kit with an encryptor, decryptor, and specialized tools to launch
the decryptor in certain ways. Based on the leaked builder, the Bl00dy
ransomware gang developed encryptors and used them in an attack on a Ukrainian
entity in September 2022.





HOW DOES LOCKBIT RANSOMWARE ATTACK?

LockBit has undergone three version revisions; the latest version uses
sophisticated attack techniques. Let us take a look:



LockBit 2.0 Attack Methodology





LOCKBIT RANSOMWARE MITRE ATT&CK TECHNIQUES






LOCKBIT: A CHEAT SHEET

LockBit is available as a Ransomware-as-a-Service (RaaS), working with
affiliates who carry out attacks-for-hire and split the funds between the
LockBit developer team and the affiliates. Here is a look into LockBit’s
vulnerability arsenal:

 * LockBit has the means to exploit 14 CVEs overall which exist in popular
   products such as FortiOS, F5 Big IP, Microsoft Windows Server, and Microsoft
   Exchange, among others. 

 * 6 vulnerabilities can be exploited via public or external networks and used
   to run arbitrary code remotely

 * 6 vulnerabilities can be used to escalate privileges and gain access to
   unauthorized areas of the exposed network

 * 7 vulnerabilities allow for network infiltration through web applications

 * The vulnerability arsenal includes the popular ProxyShell exploit chain
   (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), the PaperCut exploit
   (CVE-2023-27350), and the Citrix Bleed vulnerability (CVE-2023-4966) that
   has recently seen massive exploitation.

 * CVE-2022-22279 is a post-authentication vulnerability impacting end-of-life
   SonicWall Secure Remote Access (SRA) products and older firmware versions of
   Secure Mobile Access (SMA) 100 series. This calls to attention how
   discontinued products and often overlooked assets might pose a danger to
   organizations.

CISA has warned about many of these vulnerabilities, including CVE-2021-31207
and CVE-2023-4966, in its #StopRansomware campaign, owing to multiple attacks
by LockBit and other ransomware groups.
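
The following added example (not from the original article or from Securin) shows one way to triage a vulnerability scanner export against the CVEs named in the cheat sheet above, ranking hosts that expose the complete ProxyShell chain first. The export format, host names, and the function name `triage` are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# CVE identifiers named in the article's cheat sheet. The article counts 14
# CVEs overall but names only these six.
PROXYSHELL_CHAIN = frozenset({"CVE-2021-34473", "CVE-2021-34523", "CVE-2021-31207"})
NAMED_CVES = PROXYSHELL_CHAIN | {"CVE-2023-27350", "CVE-2023-4966", "CVE-2022-22279"}
# The two CVEs the article names as covered by CISA's #StopRansomware campaign.
CISA_WARNED = frozenset({"CVE-2021-31207", "CVE-2023-4966"})

# Scanner findings often embed CVE IDs in free text with inconsistent case.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample export (hypothetical two-column format, hypothetical hosts).
# CVE-0000-00001 is a placeholder, not a real CVE.
SAMPLE_EXPORT = """host,finding
mail01.example.internal,"Exchange: CVE-2021-34473, cve-2021-34523 and CVE-2021-31207 unpatched"
print01.example.internal,PaperCut outdated (CVE-2023-27350)
adc01.example.internal,Citrix Bleed CVE-2023-4966
web02.example.internal,Placeholder finding CVE-0000-00001
mail02.example.internal,Exchange CVE-2021-34473 only
"""


def triage(export_text):
    """Return one record per host exposing a CVE named in the article,
    ordered so the most urgent hosts come first."""
    per_host = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        for cve in CVE_RE.findall(row["finding"]):
            cve = cve.upper()  # normalise case before matching
            if cve in NAMED_CVES:
                per_host[row["host"]].add(cve)

    report = []
    for host, cves in per_host.items():
        report.append({
            "host": host,
            "cves": sorted(cves),
            # All three ProxyShell CVEs on one host means the whole chain is open.
            "full_proxyshell_chain": PROXYSHELL_CHAIN <= cves,
            "cisa_warned": sorted(cves & CISA_WARNED),
        })

    # Order: complete chain first, then CISA-warned CVEs, then CVE count, then name.
    report.sort(key=lambda r: (not r["full_proxyshell_chain"],
                               not r["cisa_warned"],
                               -len(r["cves"]),
                               r["host"]))
    return report


if __name__ == "__main__":
    for record in triage(SAMPLE_EXPORT):
        print(record)
```
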










RECENT ATTACKS

Let us look at some of the recent attacks staged by this prolific group.

 * Maximum Industries: This manufacturer makes rocket parts for SpaceX. The
   LockBit gang boasted about stealing 3,000 proprietary schematics as well as
   other blueprints in an attack in mid-March 2023.

 * Essendant: A wholesale distributor of office goods had a significant cyber
   attack in March 2023. The LockBit group claimed responsibility on March 14.

 * Housing Authority of the City of Los Angeles (HACLA): The state-chartered
   agency providing affordable housing to low-income individuals and families
   for the City of Los Angeles warned of a cyber incident that was later
   attributed to the LockBit ransomware group.

 * Aguas do Porto: A Portuguese municipal water utility company, Aguas do Porto,
   was hit by the ransomware group in February 2023. The company manages full
   water cycles inclusive of water supply and waste water drainage, public
   lighting and photovoltaic parks.

 * Royal Mail: In early January 2023, the LockBit ransomware group breached
   systems of the UK’s leading mail delivery service, Royal Mail, which led to
   disruption of package deliveries.

 * Whitworth University: A private university in Washington suffered a LockBit
   ransomware attack in July 2022, and all its operations were halted for over
   two weeks. The group claimed to have stolen 715 GB of Whitworth data relating
   to accounting, marketing, infrastructure, and documents.

 * Italian Revenue Agency: The largest cyberattack was perpetrated on the
   Italian Revenue Agency by the LockBit gang in July 2022. In this attack, 78
   GB worth of data was stolen from the agency’s servers. There are ongoing
   talks between the revenue agency and LockBit gang regarding ransom payments.

 * Entrust: Security giant Entrust’s network was breached in June 2022, and
   sensitive data was stolen by the LockBit ransomware gang. In an interesting
   twist, Entrust deployed Denial-of-Service malware on LockBit’s servers,
   preventing them from releasing the stolen data.

 * Library Lending App, Onleihe: The online library faced an operational
   dysfunction after the service provider, EKZ, became a victim of a
   cyberattack in March 2022. Several affiliated websites, statistics pages,
   catalog data, and ID-Deliveries were impacted in the attack. There is no
   credible information on what data was stolen in the attack.

 * Accenture: LockBit attacked Accenture in August 2021 and demanded $50 million
   as ransom. During this attack, some proprietary information was stolen and
   released on LockBit’s leak site. For a detailed analysis of the attack, check
   out our blog on how the Accenture attack unfolded.





HOW TO DETECT LOCKBIT RANSOMWARE IN YOUR ENVIRONMENT

We provide a list of Indicators of Compromise (IoCs) that you can use to check
your environment for the presence of any LockBit ransomware samples:










HOW DO ORGANIZATIONS PREVENT A LOCKBIT ATTACK?

 * Patch CVEs: More often than not, attackers infiltrate networks and gain
   access to systems via known, unpatched vulnerabilities. Follow advisories
   from your vendors and the CISA KEV advisories to patch all CVEs at the
   earliest. To stay ahead of attackers, follow advisories pertaining to CVEs
   critical to your organization.

 * Set Strong Passwords: Hackers can break into critical systems that do not
   implement complex passwords. It is essential that everyone accessing the
   network enables strong passwords and multi-factor authentication (MFA) to
   secure their logins.

 * Remove Unnecessary Permissions: Tighten restrictions on permissions so that
   potential dangers are not ignored. Pay specific attention to those
   accessible by IT accounts with admin-level permissions and endpoint users.

 * Be Vigilant Handling Links: Social engineering techniques such as phishing
   emails are one of the most common methods incorporated by ransomware groups
   to gain access for malware distribution. Clicking unknown links is always
   ill-advised.

 * Keep Tabs on your Attack Surface: Employ a solution that can scan your entire
   attack surface for weaknesses. Know and keep tabs on known and unknown
   devices connected to your broader network.

Organizations can keep attackers at bay by staying vigilant and ensuring that
the above steps are strictly followed. A good way to do this is to employ an
automated system that regularly scans for vulnerabilities and loopholes, and
alerts the Chief Information Security Officers.



Our security experts regularly conduct research analysis of the ransomware
families and the CVEs they target. The latest analysis is published in our
Ransomware Report. Read the report to find out which ransomware families are an
active threat to your business.

