Global Courant
The United States, Canada and five other countries on Wednesday identified the digital extortion gang operating under the banner of “LockBit” as the world’s largest ransomware threat.
In a joint adviceUS, Canadian, UK, French, German, Australian and New Zealand cyber authorities said LockBit extortion software, which is used to encrypt victims’ data until a ransom is paid, is the most commonly used by cybercriminals.
“In 2022, LockBit was the most widely used ransomware variant in the world and will continue to be prolific in 2023,” the advisory said, adding that the gang and its affiliates “have negatively impacted organizations both large and small across worldwide.”
Ransomware is a form of malicious software or malware used by hackers to take over a victim’s computer or network and then demand payment in exchange for decryption.
First seen in 1989, it has become the most common cyber threat faced by Canadians, according to the Canadian Center for Cyber Security.
The agency estimates that the number of ransomware attacks worldwide increased by 151 percent in the first half of 2021 compared to the same period the year before.
The ransomware business has become increasingly sophisticated. LockBit is one of many groups that use an affiliate model, which essentially allows other cybercriminals to use their code and infrastructure in exchange for a share of the profits.
According to the advisory, the first observed activity of LockBit’s predecessor was in September 2019, and the ransomware named LockBit was first spotted on Russian-language cybercrime forums.
The advisory only cited hard numbers from three countries, with 1,700 LockBit-related incidents reported or confirmed in the United States, 69 in France and 15 in New Zealand.
But LockBit is responsible for a large share of ransomware incidents tracked by all seven governments, according to the advisory, which said the agencies involved reported anywhere from 11 to 23 percent of all recent ransom-seeking hacks to the group. attributed.
LOOK | Ransomware attacks come with a hefty price tag:
The rising cost of a ransomware attack
Organizations hit by a ransomware attack face an abundance of encrypted data and a hefty price tag to recover it. And many feel that whether they pay the ransom or not, the attacks are extremely costly.
Cited figures ‘probably significantly understated’
German and Australian officials did not immediately return messages asking for more details and figures. British authorities declined to comment.
“We generally do not comment on specific cybersecurity incidents, nor do we share statistics on events,” Robyn Hawco, media spokesman for the Communications Security Establishment, the Canadian government’s national cryptological agency, told CBC News Wednesday.
It makes sense to describe LockBit as a top ransomware player, says Brett Callow, an analyst at cybersecurity firm Emsisoft. He said the figures quoted in the advisory were “probably significantly understated”.
Callow added that the global collaboration in the advisory was an encouraging sign.
“I can’t remember that so many agencies have collaborated on an advisory before,” he said. “It’s great to see.”
