US and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang managed to extort around $91 million following around 1,700 attacks on US organizations since 2020.
This Ransomware-as-a-Service (RaaS) operation was the top global ransomware threat of 2022, with the highest number of victims claimed on its data leak site, US authorities and international partners in Australia, Canada, the United Kingdom, Germany, France and New Zealand said.
According to reports received by MS-ISAC over the last year, approximately 16% of ransomware incidents affecting state, local, tribal, and territorial (SLTT) governments were LockBit attacks.
In these incidents, LockBit affiliates have targeted city governments, county governments, public institutions of higher learning, K-12 schools, and emergency services such as law enforcement.
“In 2022, LockBit was the most deployed ransomware variant globally and continues to be prolific in 2023,” the joint advisory warns.
“Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across a range of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, health care, manufacturing and transportation.”
Today’s advisory includes a list of approximately 30 free and open source tools and a detailed MITRE ATT&CK mapping of over 40 tactics, techniques, and procedures (TTPs) employed by LockBit affiliates during attacks.
Cybersecurity authorities have also shared the Common Vulnerabilities and Exposures (CVEs) most often exploited by LockBit affiliates, along with an in-depth look at how the LockBit RaaS operation has evolved since it first appeared in September 2019.
The joint advisory also provides recommended mitigations to help defenders thwart LockBit activity targeting their organizations.
“The FBI encourages all organizations to review this CSA and implement the recommended mitigations to better defend against threat actors using LockBit. If you believe you may be the victim of a cybercrime, please contact your local FBI office,” said Bryan Vorndran, deputy director of the FBI’s cyber division, today.
LockBit ransomware appeared in September 2019 as a ransomware-as-a-service (RaaS) operation and resurfaced as LockBit 2.0 RaaS in June 2021 in response to the banning of ransomware groups on cybercrime forums.
In a February 2022 Flash Alert, the FBI shared LockBit’s indicators of compromise and advised victims to urgently report any LockBit attacks.
Several months later, LockBit 3.0 was unveiled with notable upgrades such as Zcash cryptocurrency payment options, new extortion tactics, and the first ransomware bug bounty program.
Since then, LockBit has claimed several high-profile victims around the world, including automotive giant Continental, the Italian Internal Revenue Service, the UK’s Royal Mail, and the City of Oakland.