What’s common between Subway, Boeing, and the UK’s Royal Mail?

They were all victims of one of the most prolific ransomware groups, LockBit, which made millions by holding critical data hostage. In February 2024, a closely coordinated crackdown orchestrated by the UK’s National Crime Agency and investigators from 10 law enforcement agencies around the world took LockBit’s systems offline, successfully curtailing the group’s cyber-crime activities.

Within a month, LockBit had resurfaced with a new leak website and restored infrastructure, posting snippets of data from fresh intrusions. The LockBit ransomware, presumed defeated, has returned with new tactics, targeting organizations with sophisticated attack mechanisms that can circumvent existing security controls. Its resurgence underscores the need for proactive defense measures to thwart ransomware threats effectively.

Six Cybersecurity Strategies to Fend Off LockBit Ransomware Attacks

Persistent, with a 30-plus-year legacy of driving enterprise security, offers end-to-end security services and capabilities that play a crucial role in helping customers fight ransomware threats. These are:

  • Endpoint Security as a Service: Persistent implements advanced endpoint protection solutions to detect and block ransomware at the endpoint level. We continuously monitor endpoints for suspicious activity and indicators of compromise (IOCs). Our endpoint detection and response (EDR) capabilities allow us to quickly identify and contain ransomware attacks.
  • Red Teaming and Purple Teaming: We conduct red team exercises to simulate real-world ransomware attacks and identify potential vulnerabilities in the client’s security posture. We collaborate with the client’s blue team through purple team exercises to improve detection, response, and resilience against ransomware threats.
  • Attack Simulation: We perform attack simulations, including ransomware scenarios, to assess the effectiveness of the client’s security controls and incident response procedures, identify gaps and weaknesses in the security defenses, and provide recommendations for remediation.
  • Extended Detection and Response (XDR): We implement XDR solutions that provide holistic visibility across endpoints, networks, and cloud environments through advanced analytics and machine learning algorithms that detect and respond to ransomware threats in real time. We also leverage threat intelligence feeds to enhance detection capabilities and identify emerging ransomware variants.
  • Next-Gen SOC/Cyber Fusion Center (CFC): Our CFC is equipped with advanced security analytics, automation, and orchestration capabilities. We monitor the client’s environment 24/7 for signs of ransomware activity and respond promptly to alerts and incidents. Through threat hunting techniques, we proactively search for indicators of ransomware threats and adversary behavior.
  • Incident Response: We follow incident response procedures to quickly isolate infected systems, preserve evidence, and restore operations. We also provide guidance and support to the clients throughout the incident response process, including communication with stakeholders and regulatory authorities.

Developing ransomware response plans must be a collaborative pursuit between security teams and IT, legal, and business stakeholders. By working together, these teams can ensure coordinated action in the event of an attack, minimizing its potential impact and helping return to normal operations as soon as possible. Sharing threat intelligence and best practices through industry forums and information-sharing platforms enables collective defense against ransomware attacks and helps others stay informed about the latest threats.

Fighting Ransomware with the Right Expertise

In the face of the LockBit ransomware resurgence and similarly evolving threats, enterprises need advanced cybersecurity techniques to defend their data and applications effectively. As a 360-degree security partner with strategic ties to leading security solution providers, Persistent can help devise a strategy that enhances business resilience and mitigates the impact of ransomware attacks, safeguarding critical assets and ensuring business continuity.

Persistent Intelligent Cyber Recovery (PiCR) is not just another disaster recovery solution. Together with Google Cloud, we have created a cyber recovery offering to enable faster yet safe recovery from cyberattacks. The approach includes customized process development, cutting-edge technologies (leveraging Actifio, Google Cloud Platform, and Persistent IP), and managed cyber recovery and operations. PiCR provides an environment for secure recovery and return to operations by leveraging network isolation, immutable storage, and intelligent analysis and detection.

PiCR helps enterprises:

  • Avoid costly creation of in-house recovery services and instead leverage decades of expertise in recovery and cyber resilience
  • Accelerate the recovery times of business-critical applications using proven IP and assets without having to “pay the ransom”
  • Detect and eliminate attackers with robust anomaly detection to identify the early signs of attack and take action before attackers gain a foothold
  • Leverage expert advice to evaluate your business and technology stack, creating customized data protection solutions for your organization
  • Prepare for the worst cyber attackers can throw at you by implementing disaster recovery using secure cloud services backed by Google Cloud

Learn more about PiCR here. To bolster your ransomware defense mechanisms, contact us here.

Author’s Profile

Kumar Sambhav

Principal Consultant, Security Practice

kumar_sambhav@persistent.com

Kumar Sambhav is a Senior Security Practitioner who helps some of Persistent’s biggest cybersecurity customers build and develop security solutions across cloud security, infrastructure security, and Cyber Fusion Center operations. He brings 17+ years of industry experience in designing solution architectures spanning security products, infrastructure, cloud, and SOC components. His expertise lies in engineering and developing best practices for SOC, EDR, NDR, XDR, and cloud security.