Analysis of the LockBit 3.0 and its infiltration into Advanced's infrastructure crippling NHS services
The LockBit 3.0 ransomware variant is arguably the most threatening of malware in recent times. With no regard for a victim's industry, the ransomware has undergone several evolutions to arrive at an adaptable and evasive variant which has been a menace to governments and organisations, recently infiltrating Advanced Computer Software group. Previous LockBit studies mostly concentrated on measuring the impact of the ransomware attack, prevention, encryption detection, decryption, or data recovery, thereby providing little or no benefit to the less tech savvy populace as a detailed breakdown of the mode of attack is rarely examined. This article analyses the LockBit 3.0 attack techniques with a contextual illustration of the attack on Advanced Computer Software group. With the NHS being a major client of the organisation, and its services alongside 15 other clients being crippled for hours during the attack, attention is drawn to how dreadful such disruption may be in critical organisations. We observed that the upgrade of Lockbit based on releasing newer versions is in a bid to continuously ensure the malware's efficiency - a virtue that keeps it at the zenith - by staying ahead of improved defenses. Our study highlights social engineering as a vibrant portal to Lockbit's maliciousness and indicates an investment in detection systems may profit more than in prevention systems. Therefore, further research should consider improving detection systems against Lockbit 3.0.
READ FULL TEXT