FBI Publishes Indicators of Compromise for LockBit 2.0 Ransomware

Flash bulletin alert includes mitigation strategies for defending against the ransomware.

Dark Reading Staff, Dark Reading

February 7, 2022


The FBI today issued a flash bulletin that details the specific indicators of compromise (IoCs) associated with LockBit 2.0, whose operators offer the ransomware variant via a ransomware-as-a-service model.

LockBit 2.0 moves quickly, mainly because it can automatically encrypt devices in a Windows domain using Active Directory (AD) group policies. Attackers using LockBit often also threaten to leak stolen victim data on their doxxing site if the victim doesn't pony up the ransom. According to the FBI, LockBit 2.0 is "a heavily obfuscated ransomware application leveraging bitwise operations to decode strings and load required modules to evade detection."

The FBI bulletin also includes specific steps organizations can take to minimize their vulnerability to an attack by the ransomware, including the usual key defenses, such as employing multifactor and strong authentication, updating software, using network segmentation, restricting user privileges to admin accounts, running a host-based firewall that limits connections to admin shares, ensuring offline data backups, and other best practices.
