Lockbit Cybercriminals Strike Again: ICBC Latest Victim in Global Ransomware Spree

The Industrial and Commercial Bank of China (ICBC) faced a cyberattack orchestrated by the infamous Lockbit group, continuing its menacing global campaign against some of the world’s largest organizations. With a track record dating back to 2020, Lockbit has risen to prominence as the foremost ransomware threat globally, leaving more than 1,700 American organizations grappling with the aftermath of its attacks across various sectors, including finance, food, education, transportation, and government.

Originally surfacing in 2020 on Russian-language cybercrime forums, Lockbit sparked initial speculation about its potential ties to Russia. However, the group has remained unaffiliated with any government, asserting its independence. Lockbit’s self-proclaimed base in the Netherlands, as stated on its dark web blog, positions the group as apolitical, emphasizing its sole motivation of financial gain.

Over the past three years, Lockbit’s disruptive attacks have garnered global attention, with the United States bearing the brunt of its activities. Targets range from financial institutions like banks and hedge funds to industrial giants such as Boeing. A recent breach at Boeing saw Lockbit leaking sensitive data from the aerospace company’s systems, underscoring the audacity and capabilities of the cybercriminal group.

Lockbit’s primary tactic involves infecting an organization’s systems with ransomware, encrypting valuable data and coercing victims into paying a ransom in cryptocurrency for data decryption. The group exploits the anonymity of cryptocurrency transactions and the difficulty of tracing them to its advantage. In response, a coalition of 40 countries, led by the United States, is actively sharing intelligence on the cryptocurrency wallet addresses associated with these criminals, aiming to disrupt the financial aspects of ransomware operations.

Maintaining a dark web presence, Lockbit regularly updates a gallery of victim organizations, complete with digital countdown clocks indicating the remaining time to meet ransom demands. The consequences of non-payment involve the public release of sensitive data. Some victimized organizations choose to engage cybersecurity firms in private negotiations to identify leaked data and settle ransom amounts over an extended period.

Notably, not all victims appear on Lockbit’s blog, as some prefer discreet negotiations. The ICBC’s US unit, currently recovering from the breach, did not feature on Lockbit’s blog as of the latest update.

Crucial to Lockbit’s success is its network of “affiliates” – like-minded criminal groups recruited to launch attacks using Lockbit’s digital extortion tools. The group’s website proudly showcases its hacking achievements and outlines a set of rules for potential collaborators, advising applicants to secure endorsements from individuals already associated with Lockbit. This intricate web of alliances among cybercriminal groups poses challenges in tracking hacking activities and ransom attempts, with each attack varying in tactics and techniques.
