Office: +264 61 222 666
Office Hours Mon - Fri: 08:00AM - 05:00PM Weekend: Closed
Address C/O Fidel Castro & Rev. Michael Scott Street, Windhoek
Email: info@nam-csirt.na
Private Bag: 13309, Windhoek, Namibia, 10005
Report Security Incidents
Download RFC 2350
Download RFC 2350
DOWNLOAD RFC 2350

Lockbit 3.0 Ransomware: What you Need To Know

NAM-CSIRT > News > News > Lockbit 3.0 Ransomware: What you Need To Know

15 JANUARY 2025 – WINDHOEK

Ransomware is a type of malicious software (malware) designed to block access to a computer system or its data until a ransom has been paid. It is targeted against individuals, corporations, governments among others. Once a ransomware attack occurs victims usually find their files encrypted with a payout message attached to them and the payment is often in the form of a cryptocurrency. This attack can cripple an economy if critical infrastructure is impacted, and businesses are often forced to shut down due to fines from global institutions.

Meet LockBit 3.0
LockBit 3.0 is the latest version of the infamous LockBit Vishya. It is a faction of hackers, who are well organised and have been proficient at developing newer variants of the ransomware software. Hacking LockBit 3.0 is more difficult than its predecessors, as it has been made faster, stealthier, and more agile. LockBit 3.0 is undoubtedly a big shift in ransomware development, and competition within space is only expected to increase as more threat actors are enhancing their code to be more sophisticated.

How Does LockBit 3.0 Attack?
The primary infection vectors of LockBit 3.0 are e-mail attachments containing malicious hyper-links, phishing pages and compromised websites. Once the device has been infected with the ransomware, it contacts a single point of contact over the internet and scans the network for its master. When a connection is established with the Master server, it scans the system and encrypts the files leaving a ransomware note with instructions. The attackers, prior to encryption of files, would exfiltrate as much data possible and use the threat of public embarrassment as a push factor for demanding a ransom. LockBit 3.0 uses vulnerable or poorly secured systems to gain access, it also uses soft extracted Remote Desktop Protocols (RDP) to remain undetected within the victim’s environment.

Why Is LockBit 3.0 Different?
LockBit 3.0 introduces unique features that set it apart from earlier versions and other ransomware families. It incorporates advanced evasion techniques to avoid detection by anti-virus software and other security tools. Additionally, it supports multiple languages, allowing it to target victims worldwide. LockBit 3.0’s creators have also introduced a bug bounty program, offering rewards to anyone who identifies flaws in the ransomware or its infrastructure. This unusual approach demonstrates their confidence and commitment to improving their malicious software.

Who Has Been Affected?
LockBit 3.0 has impacted organisations across various sectors, including healthcare, finance, manufacturing, and government agencies. The ransomware’s victims range from small businesses to large institutions, often chosen based on their perceived ability to pay. High-profile incidents have highlighted the devastating consequences of these attacks, from data breaches to prolonged service outages. The widespread nature of LockBit 3.0 underscores the need for enhanced cybersecurity measures.

How Can You Stay Safe?
Protecting yourself or your organisation from LockBit 3.0 requires a proactive approach. Here are some key steps:
•     Conduct employee cybersecurity awareness training e.g. phishing awareness,
•     Enforce multi-factor authentication on all systems and applications,
•     Avoid visiting suspicious or unsecured websites,
•     Implement regular systems and data backups,
•     Ensure systems and applications software updates,
•     Enforce strong password policy,
•     Implement advanced endpoint detect, and response tools, and
•     Avoid opening suspicious links and attachments or responding to emails from unknown sources

Why Ransomware Keeps Increasing
Ransomware attacks continue to rise due to several factors. First, the anonymity of cryptocurrency makes it easier for cyber criminals to demand and receive payments. Second, the Ransomware as a Service (RaaS) model lowers entry barriers, allowing less skilled hackers to launch attacks. Lastly, many organisations still lack robust cybersecurity defences, making them easy targets. As long as ransomware remains profitable and challenging to trace, it will remain a preferred tool for cyber criminals.

What is Next/Recommendations?
The future of ransomware, including LockBit 3.0, will likely involve even more advanced tactics. To stay ahead, individuals and organisations must prioritise cybersecurity. Governments and international bodies also need to strengthen regulations and collaborate to disrupt ransomware networks. Here are some recommendations:
•     Adopt Zero Trust
•     Invest in Threat Intelligence
•     Promote Cyber Security Awareness

By taking these steps, we can reduce the impact of ransomware like LockBit 3.0 and build a more secure digital future.

ENDS

Issued By:
Mr. Ednard Toivo
Cybersecurity Specialist
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Communication@cran.na

Author: thomas

Leave a Reply

Copyright © 2025 Namibia Cyber Security Incident Response Team (NAM-CSIRT)