LockBit Ransomware Campaign: New Suspect
Lockbit ransomware campaign, the variant that has been known to target healthcare in the past, is back on the radar. Thus, the Department of Justice reported that on November 15, 2022, the alleged charge of involvement in the global LockBit ransomware campaign was brought against Mikhail Vasiliev, a dual Russian and Canadian national.
According to the press release the ransomware variant “has become one of the most active and destructive variants in the world” since it first became known around January 2020.
Since March 2020 the FBI has been investigating the ransomware campaign. More than 1,000 people in the US and abroad have been declared victims, and at least $100 million in demand were accumulated by LockBit members.
According to the Department of Justice, the accusation of Vasiliev was stated as a “conspiracy to intentionally damage protected computers and to transmit ransom demands.” He can get up to five years in prison if enough evidence is presented. Now he is arrested in Canada and is awaiting extradition to the US.
Here is what Deputy Attorney General Lisa O. Monaco says about it, “This arrest is the result of over two-and-a-half-years of an investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world.”
“It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats. Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals.”
A flash alert containing circumstantial indicators of compromise associated with LockBit 2.0, the second iteration of LockBit, the second iteration of LockBit was released by the Federal Bureau of Investigation in February 2022. Due to unpatched vulnerabilities, zero-days, and insider access LockBit 2.0 ransomware is known to compromise victim networks.
HHS warned further, "Although the LockBit 2.0 cybercrime gang claims to not attack healthcare organizations, all ransomware continues to act as a major cyber threat against the US Healthcare and Public Health Sector."
Faced with all these threats, HHS reminded healthcare organizations of standard ransomware prevention best practices, such as using multi-factor authentication, enforcing strong passwords, and establishing a comprehensive data backup program.