{"id":12062,"date":"2023-12-01T02:41:10","date_gmt":"2023-12-01T09:41:10","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=12062"},"modified":"2024-03-04T11:16:53","modified_gmt":"2024-03-04T18:16:53","slug":"all-about-lockbit-ransomware","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/all-about-lockbit-ransomware\/","title":{"rendered":"All About LockBit Ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"12062\" class=\"elementor elementor-12062\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7315a35f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7315a35f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-401d08f1\" data-id=\"401d08f1\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7b8ed04 elementor-widget elementor-widget-text-editor\" data-id=\"7b8ed04\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Originally Published on Mar 23, 2022.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2ab461 elementor-widget elementor-widget-text-editor\" data-id=\"f2ab461\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><b>LockBit Ransomware is one of the few ransomware groups employing self-spreading malware technology and double encryption. After its recent attacks on the <\/b><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims\/#google_vignette\" target=\"_blank\" rel=\"noopener\"><b>Aerospace giant, Boeing<\/b><\/a><b>, the <\/b><a href=\"https:\/\/securityaffairs.co\/wordpress\/133640\/cyber-crime\/lockbit-ransomware-italian-revenue-agency.html?web_view=true\" target=\"_blank\" rel=\"noopener\"><b>Italian Revenue Agency<\/b><\/a><b> and digital security giant, <\/b><a href=\"https:\/\/securityaffairs.co\/wordpress\/133640\/cyber-crime\/lockbit-ransomware-italian-revenue-agency.html?web_view=true\" target=\"_blank\" rel=\"noopener\"><b>Entrust<\/b><\/a><b>, LockBit has only gained momentum, as they hunt for their next victim. Read on to learn how to protect your network from LockBit attacks. <\/b><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4597bed elementor-widget elementor-widget-text-editor\" data-id=\"4597bed\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">One of the most prolific ransomware groups in recent times, LockBit ransomware began its spree of attacks as recently as September 2019. The group is financially motivated and does not shy away from going after bigger, high-profile enterprises and companies. Their latest attack weapon is the CitrixBleed vulnerability (CVE-2023-4966) using which the group waged attacks on Industrial and Commercial Bank of China (ICBC), DP World, Allen &amp; Overy, and Boeing, among many others.<\/span><\/p><p><span style=\"font-weight: 400;\">LockBit is known for many of its unique characteristics &#8211; sophisticated technology, extortion methods, and high-severity cyber attacks. The group is backed by hundreds of affiliates who take care of the \u2018breakin in\u2019 phase, aka,\u00a0 infiltration into vulnerable networks. Thereon, LockBit operators depend on their ransomware code, which has today become one of the best for stealthily creeping through networks, before adopting multiple effective extortion strategies.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">LockBit\u2019s attack presence is seen globally, including Australia, Canada, New Zealand and the United States.\u00a0 Intermittently, the attack spree pauses for a brief period during which their ransomware technology receives superior upgrades, ready to combat advancements in a company\u2019s defense. Their recent attack strategy and frequency makes LockBit a formidable predator in the cyber realm and a determined adversary.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-07075c5 elementor-widget elementor-widget-spacer\" data-id=\"07075c5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-1479658 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1479658\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-59c996f\" data-id=\"59c996f\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-25b957a elementor-widget elementor-widget-heading\" data-id=\"25b957a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">In This Blog:<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-261847d elementor-widget elementor-widget-text-editor\" data-id=\"261847d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#How-Dangerous-is-LockBit-Ransomware\"><span style=\"font-weight: 400;\">How Dangerous is LockBit Ransomware?<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#Ransomware-Variants\"><span style=\"font-weight: 400;\">Ransomware Variants<\/span><\/a><\/li><li aria-level=\"1\"><a href=\"#How-Does-LockBit-Ransomware-Attack\">How Does LockBit Ransomware Attack?<\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#LockBit-Ransomware-Techniques\"><span style=\"font-weight: 400;\">LockBit Ransomware MITRE ATT&amp;CK Techniques<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#Cheat-Sheet\"><span style=\"font-weight: 400;\">LockBit Cheat Sheet<\/span><\/a><ul><li style=\"font-weight: 400;\" aria-level=\"2\"><a href=\"#Vulnerability-Details\"><span style=\"font-weight: 400;\">Vulnerability Details<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\"><a href=\"#Recent-Attacks\">Recent Attacks<\/a>\u00a0<\/span><\/li><\/ul><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#How-to-Detect-LockBit\"><span style=\"font-weight: 400;\">How to Detect LockBit in Your Environment<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#How-to-Prevent-Attack\"><span style=\"font-weight: 400;\">What can Organizations do to Prevent a LockBit Attack?<\/span><\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-40c5780 elementor-widget elementor-widget-spacer\" data-id=\"40c5780\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-acad8ad elementor-widget elementor-widget-menu-anchor\" data-id=\"acad8ad\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"How-Dangerous-is-LockBit-Ransomware\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2cefda6 elementor-widget elementor-widget-heading\" data-id=\"2cefda6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How Dangerous is LockBit Ransomware?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55f959c elementor-widget elementor-widget-text-editor\" data-id=\"55f959c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"font-weight: 400;\">Being one of the most active ransomware groups today, LockBit has a variety of tactics and technologies to attack the biggest agencies in any industry. Here are some tools, techniques, and procedures that make LockBit a dangerous adversary:<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-1a89037 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1a89037\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-b73d78f\" data-id=\"b73d78f\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-216fd1a elementor-widget elementor-widget-text-editor\" data-id=\"216fd1a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>StealBit:<\/strong> The threat gang introduced StealBit, a malware tool used for encryption in the LockBit 2.0 version. It is believed to be the fastest and most efficient encryption tool.<\/p>\n<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>Spreads Fast:<\/strong> StealBit spreads to other devices in the network automatically, using tools like Windows Powershell <span style=\"font-weight: 400;\">and <\/span>Server Message Block (SMB)<span style=\"font-weight: 400;\">, which makes it difficult to confine immediately.\u00a0<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>Attacks Windows and Linux:<\/strong> Initially, they had targeted only Windows systems, but LockBit 2.0 was improvised to attack Linux systems as well.<\/span><\/p>\n<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>Evasion Tactics:<\/strong> Their<\/span> evasion tactics <span style=\"font-weight: 400;\">are well strategized, making it hard to get flagged by the system defenses.<\/span><\/p>\n<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>Bug Bounty:<\/strong> LockBit conducts bug bounty programs to improve their defenses and establish that they are professional hackers. Anyone who finds a flaw in their malware kit is rewarded generously.<\/span><\/p>\n<\/li>\n \t<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Marketing:<\/strong> They actively market towards affiliates to join them and carry out attacks. These marketing activities have garnered quite the attention and work well for the group in getting highly-skilled threat actors.<\/p>\n<\/li>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>ZCash:<\/strong> LockBit 3.0 introduced ZCash payment options for collecting ransom from victims, as well as for paying their affiliates, with less disruption from law enforcement.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-4958d97\" data-id=\"4958d97\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0b8f3d0 elementor-widget elementor-widget-text-editor\" data-id=\"0b8f3d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div id=\"code_area\" style=\"text-align: left;\"><div id=\"code_area\" style=\"text-align: left;\"><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>Double Extortion:<\/strong> LockBit is known for its <\/span>double extortion technique<span style=\"font-weight: 400;\"> wherein they steal data and also encrypt the system data making it harder for victims to recover it.\u00a0<\/span><\/p><\/li><\/ul><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>Triple Extortion:<\/strong> In August 2022, LockBit announced that it would use <\/span>triple extortion<span style=\"font-weight: 400;\"> on its victims via data leaks, encryption, and DDoS attacks.<\/span><\/p><\/li><\/ul><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><span style=\"font-weight: 400;\"><strong>File Deletion:<\/strong> A notable tactic of the third version of LockBit includes a file deletion technique, where instead of using cmd.exe to execute a batch file to perform the deletion.<\/span><\/p><\/li><li dir=\"ltr\" aria-level=\"1\"><p><strong>Exfiltrator-22:<\/strong> A new attack framework was created by affiliates of the former LockBit 3.0 operation that includes features found commonly in other post-exploitation toolkits, but has added features that enhance ransomware deployment and data theft. The EX-22, as it is referred to, is designed to spread ransomware quickly in corporate networks while evading detection.<\/p><\/li><li dir=\"ltr\" aria-level=\"1\"><p><strong>AV and EDR:<\/strong> The LockBit ransomware group started a <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/emerging-lockbit-campaign?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">campaign<\/a> in early January 2023, that used combinations of techniques effective against AV and EDR solutions.<\/p><\/li><li dir=\"ltr\" aria-level=\"1\"><p><strong>Exfiltrate Data:<\/strong> In a recent campaign, the LockBit gang introduced a new method to allow it to exfiltrate data from high-profile organizations by <a href=\"https:\/\/cyware.com\/news\/lockbit-introduces-new-method-to-bypass-motw-protection-32a22ae1\" target=\"_blank\" rel=\"noopener\">bypassing the Mark of The Web (MOTW)<\/a> protection mechanism.<\/p><\/li><\/ul><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-184f8f3 elementor-widget elementor-widget-text-editor\" data-id=\"184f8f3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><span style=\"font-weight: 400;\"><strong>Avoids Certain Languages:<\/strong> LockBit 3.0 also checks the victim\u2019s UI language before carrying out an attack. They avoid infecting systems with the following languages:<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-0851a9b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0851a9b\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-10ab1c3\" data-id=\"10ab1c3\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-26287f0 elementor-widget elementor-widget-text-editor\" data-id=\"26287f0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li dir=\"ltr\" role=\"presentation\">Arabic (Syria)<\/li><li dir=\"ltr\" role=\"presentation\">Armenian (Armenia)<\/li><li dir=\"ltr\" role=\"presentation\">Azerbaijani (Cyrillic Azerbaijan)<\/li><li dir=\"ltr\" role=\"presentation\">Azerbaijani (Latin Azerbaijan)<\/li><li dir=\"ltr\" role=\"presentation\">Belarusian (Belarus)<\/li><li>Georgian (Georgia)<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-9ec59ec\" data-id=\"9ec59ec\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e683d6f elementor-widget elementor-widget-text-editor\" data-id=\"e683d6f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li dir=\"ltr\" role=\"presentation\">Kazakh (Kazakhstan)<\/li><li dir=\"ltr\" role=\"presentation\">Kyrgyz (Kyrgyzstan)<\/li><li dir=\"ltr\" role=\"presentation\">Romanian (Moldova)<\/li><li dir=\"ltr\" role=\"presentation\">Russian (Moldova)<\/li><li dir=\"ltr\" role=\"presentation\">Russian (Russia)<\/li><li>Tajik (Cyrillic Tajikistan)<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-4a96f75\" data-id=\"4a96f75\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-eb592f4 elementor-widget elementor-widget-text-editor\" data-id=\"eb592f4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li dir=\"ltr\" role=\"presentation\">Turkmen (Turkmenistan)<\/li><li dir=\"ltr\" role=\"presentation\">Tatar (Russia)<\/li><li dir=\"ltr\" role=\"presentation\">Ukrainian (Ukraine)<\/li><li dir=\"ltr\" role=\"presentation\">Uzbek (Cyrillic Uzbekistan)<\/li><li dir=\"ltr\" role=\"presentation\">Uzbek (Latin Uzbekistan)<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf51382 elementor-widget elementor-widget-spacer\" data-id=\"bf51382\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9388840 elementor-widget elementor-widget-menu-anchor\" data-id=\"9388840\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Ransomware-Variants\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2143372 elementor-widget elementor-widget-heading\" data-id=\"2143372\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Ransowmare Variants<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6bf2c71 elementor-widget elementor-widget-text-editor\" data-id=\"6bf2c71\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">LockBit started out as an ABCD crypto virus in 2019. LockBit\u2019s primary targets were private enterprises and government organizations in the United States, China, India, Indonesia, Ukraine, and Europe with crypto as the form of demanded ransom. In 2019 and 2020, Windows systems in healthcare and financial institutions bore the brunt of LockBit attacks. The Ransomware group took a brief hiatus to work on their malware kit and to improve their operations. Thus far, two other LockBit versions have been released with attack methodologies superior to the preceding ones.\u00a0<\/span><\/p><p><strong>LockBit version 2.0<\/strong><\/p><p><span style=\"font-weight: 400;\">LockBit version 2.0 was released in June 2021 and was used for attacks in Chile, Taiwan, and the UK. In this version, LockBit introduced the double extortion technique and automatic encryption of devices across Windows domains. In October 2021, LockBit began infiltrating Linux servers as well, targeting ESXi servers.\u00a0<\/span><\/p><p><strong>LockBit version 3.0 (LockBit Black)<\/strong><\/p><p dir=\"ltr\" style=\"text-align: left;\"><span style=\"font-weight: 400;\">In June 2022, LockBit released yet another upgraded version of the ransomware with a <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-30-introduces-the-first-ransomware-bug-bounty-program\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">bug bounty program<\/span><\/a><span style=\"font-weight: 400;\">, Zcash payments, and new extortion tactics. The new version derives from other ransomware such as BlackMatter and DarkSide and has anti-analysis techniques to evade detection, passwordless execution, and in-built command-line argument feature. <\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0c0dd1 elementor-widget elementor-widget-text-editor\" data-id=\"a0c0dd1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 309px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/blogs\/allaboutlockbit\/1664373962336.png\" alt=\"\" \/><\/p><p style=\"text-align: center;\"><em>A desktop wallpaper applied by LockBit 3.0 on a victim\u2019s system<\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f438fae elementor-widget elementor-widget-text-editor\" data-id=\"f438fae\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">This new version of the ransomware was used in the <\/span><a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-july-25-2022-july-29-2022.html#LockBit%20Ransomware%20got%20an%20upgrade!\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">attacks on the Italian Revenue Agency<\/span><\/a><span style=\"font-weight: 400;\"> and a county office in Ontario, Canada. In this version, LockBit has included Denial-of-Service attacks as a method to extort from victims in addition to encryption and data leaks.<\/span><\/p><p><span style=\"font-weight: 400;\">In September 2022, an allegedly disgruntled developer leaked the builder for LockBit 3.0\u2019s encryptor on Twitter. The developer was reportedly unhappy with the group\u2019s leadership and leaked the private data. This is a blow to the ransomware group as the builder data allows anyone to start their own ransomware kit with an encryptor, decryptor, and specialized tools to launch the decryptor in certain ways. Based on the leaked builder, Bl00dy ransomware gang has developed encryptors and has been using them in an attack on an Ukrainian entity in September 2022. <\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ea48fce elementor-widget elementor-widget-spacer\" data-id=\"ea48fce\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c12db88 elementor-widget elementor-widget-menu-anchor\" data-id=\"c12db88\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"How-Does-LockBit-Ransomware-Attack\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-74034ad elementor-widget elementor-widget-heading\" data-id=\"74034ad\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How Does LockBit Ransomware Attack?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4fbfafb elementor-widget elementor-widget-text-editor\" data-id=\"4fbfafb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>LockBit has undergone three version revisions; the latest version uses sophisticated attack techniques. Let us take a look:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6642bd5 elementor-widget elementor-widget-image\" data-id=\"6642bd5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"2560\" height=\"1032\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1.jpg\" class=\"attachment-full size-full wp-image-20175\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1.jpg 2560w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1-300x121.jpg 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1-1024x413.jpg 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1-768x310.jpg 768w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1-1536x619.jpg 1536w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit_Attack-Methodology-scaled-1-2048x826.jpg 2048w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-481e811 elementor-widget elementor-widget-text-editor\" data-id=\"481e811\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><em>LockBit 2.0 Attack Methodology<\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-54a1ae9 elementor-widget elementor-widget-spacer\" data-id=\"54a1ae9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c67ad6 elementor-widget elementor-widget-menu-anchor\" data-id=\"9c67ad6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"LockBit-Ransomware-Techniques\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b96550 elementor-widget elementor-widget-heading\" data-id=\"5b96550\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">LockBit Ransomware MITRE ATT&amp;CK Techniques<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79e7a68 elementor-widget elementor-widget-image\" data-id=\"79e7a68\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"2560\" height=\"1305\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-scaled.jpg\" class=\"attachment-full size-full wp-image-20176\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-scaled.jpg 2560w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-300x153.jpg 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-1024x522.jpg 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-768x391.jpg 768w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-1536x783.jpg 1536w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/LockBit-Ransomware-MITRE-ATT_CK-2048x1044.jpg 2048w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a3a921 elementor-widget elementor-widget-spacer\" data-id=\"5a3a921\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-67b0c15 elementor-widget elementor-widget-menu-anchor\" data-id=\"67b0c15\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Cheat-Sheet\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b467a7 elementor-widget elementor-widget-heading\" data-id=\"5b467a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">LockBit: A Cheat Sheet<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b9854e elementor-widget elementor-widget-text-editor\" data-id=\"6b9854e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">LockBit is available as a Ransomware-as-a-Service (RaaS), working with affiliates who carry out attacks-for-hire and split the funds between the LockBit developer team and the affiliates. Here is a look into LockBit\u2019s vulnerability arsenal:<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dea8ad0 elementor-widget elementor-widget-text-editor\" data-id=\"dea8ad0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\">LockBit has the means to exploit 14 CVEs overall which exist in popular products such as FortiOS, F5 Big IP, Microsoft Windows Server, and Microsoft Exchange, among others.\u00a0<\/span><\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\">6 vulnerabilities can be exploited via public or external networks and used to run arbitrary code remotely<\/span><\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\">6 vulnerabilities can be used to escalate privileges and gain access to unauthorized areas of the exposed network<\/span><\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\">7 vulnerabilities allow for network infiltration through web applications<\/span><\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\">The vulnerability arsenal includes the popular ProxyShell exploit chain (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-34473\" target=\"_blank\" rel=\"noopener\">CVE-2021-34473<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-34523\" target=\"_blank\" rel=\"noopener\">CVE-2021-34523<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-31207\" target=\"_blank\" rel=\"noopener\">CVE-2021-31207<\/a>), the PaperCut exploit (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-27350\" target=\"_blank\" rel=\"noopener\">CVE-2023-27350<\/a>), and the Citrix Bleed vulnerability (<a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-325a\" target=\"_blank\" rel=\"noopener\">CVE-2023-4966<\/a>) that is recently seeing massive exploitation.\u00a0<\/span><\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22279\" target=\"_blank\" rel=\"noopener\">CVE-2022-22279<\/a> is a post-authentication vulnerability impacting end-of-life SonicWall Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series. This calls to attention how discontinued products and often overlooked assets might pose a danger to organizations.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a372906 elementor-widget elementor-widget-text-editor\" data-id=\"a372906\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Many of these vulnerabilities including <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2021\/08\/21\/urgent-protect-against-active-exploitation-proxyshell-vulnerabilities\" target=\"_blank\" rel=\"noopener\">CVE-2021-31207<\/a> and <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-325a\" target=\"_blank\" rel=\"noopener\">CVE-2023-4966<\/a> have been warned about by CISA in the #StopRansomware campaign owing to multiple attacks by LockBit and other ransomware groups.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-388a7d8 elementor-widget elementor-widget-menu-anchor\" data-id=\"388a7d8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Vulnerability-Details\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cb356f4 elementor-widget elementor-widget-image\" data-id=\"cb356f4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1650\" height=\"1655\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal.jpg\" class=\"attachment-full size-full wp-image-20170\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal.jpg 1650w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal-300x300.jpg 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal-1021x1024.jpg 1021w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal-150x150.jpg 150w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal-768x770.jpg 768w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/03\/Lockbit_vulnerability_arsenal-1531x1536.jpg 1531w\" sizes=\"(max-width: 1650px) 100vw, 1650px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fd6935b elementor-widget elementor-widget-text-editor\" data-id=\"fd6935b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div id=\"code_area\" style=\"text-align: left;\">\n<p style=\"text-align: center;\"><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrZmHMYUDMWczLox?backgroundColor=red&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n\n<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-712debb elementor-widget elementor-widget-spacer\" data-id=\"712debb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f8c413 elementor-widget elementor-widget-menu-anchor\" data-id=\"0f8c413\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Recent-Attacks\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fc0bb0a elementor-widget elementor-widget-heading\" data-id=\"fc0bb0a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Recent Attacks<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b922e80 elementor-widget elementor-widget-text-editor\" data-id=\"b922e80\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\tLet us look at some of the recent attacks staged by this prolific group.\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Maximum Industries:<\/strong> This manufacturer <a href=\"https:\/\/www.theregister.com\/2023\/03\/13\/lockbit_spacex_ransomware\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">makes rocket parts<\/a> for SpaceX. The LockBit gang boasted about stealing 3,000 proprietary schematics as well as other blueprints in an attack in mid-March 2023.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Essendant:<\/strong> A wholesale distributor of office goods had a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-ransomware-claims-essendant-attack-company-says-network-outage-\/\" target=\"_blank\" rel=\"noopener\">significant cyber attack<\/a> in March 2023. The LockBit group claimed responsibility on March 14.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Housing Authority of the City of Los Angeles (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/la-housing-authority-discloses-data-breach-after-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">HACLA<\/a>):<\/strong> The state-chartered agency providing affordable housing to low-income individuals and families for the City of Los Angeles, warned of a cyber incident that was later attributed to the LockBit ransomware group.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Aguas do Porto:<\/strong> A Portuguese municipal water utility company, <a href=\"https:\/\/securityaffairs.com\/142477\/cyber-crime\/lockbit-water-utility-aguas-do-porto.html?web_view=true\" target=\"_blank\" rel=\"noopener\">Aguas do Porto<\/a>, was hit by the ransomware group in February 2023. The company manages full water cycles inclusive of water supply and waste water drainage, public lighting and photovoltaic parks.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Royal Mail:<\/strong> In early January 2023, the LockBit ransomware group breached systems of UK&#8217;s leading mail delivery service, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-ransomware-gang-claims-royal-mail-cyberattack\/\" target=\"_blank\" rel=\"noopener\">Royal Mail<\/a>, that led to disruption of package deliveries.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Whitworth University:<\/strong> A private university in Washington <a href=\"https:\/\/www.govtech.com\/education\/higher-ed\/whitworth-university-still-recovering-from-ransomware-attack?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">suffered a LockBit ransomware attack<\/a> in July 2022, and all its operations were halted for over two weeks. The group claimed to have stolen 715 GB of Whitworth data relating to accounting, marketing, infrastructure, and documents.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Italian Revenue Agency:<\/strong> The <a href=\"https:\/\/securityaffairs.co\/wordpress\/133640\/cyber-crime\/lockbit-ransomware-italian-revenue-agency.html?web_view=true\" target=\"_blank\" rel=\"noopener\">largest cyberattack<\/a> was perpetrated on the Italian Revenue Agency by the LockBit gang in July 2022. In this attack, 78 GB worth of data was stolen from the agency\u2019s servers. There are ongoing talks between the revenue agency and LockBit gang regarding ransom payments.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Entrust:<\/strong> Security giant, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-claims-ransomware-attack-on-security-giant-entrust\/\" target=\"_blank\" rel=\"noopener\">Entrust\u2019s network was breached<\/a> in June 2022 and sensitive data was stolen by the LockBit ransomware gang. In an interesting twist, Entrust deployed Denial-of-Service malware on LockBit\u2019s servers preventing them from releasing the stolen data.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Library Lending App, Onleihe:<\/strong> The online library faced an operational dysfunction after the service provider, EKZ,\u00a0 became a victim of a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/online-library-app-onleihe-faces-issues-after-cyberattack-on-provider\/\" target=\"_blank\" rel=\"noopener\">cyberattack<\/a> in March 2022. Several affiliated websites, statistics pages, catalog data, and ID-Deliveries were impacted in the attack. There is no credible information on what data was stolen in the attack.<\/li>\n<\/ul>\n<div id=\"code_area\" style=\"text-align: left;\">\n<ul>\n \t<li dir=\"ltr\" aria-level=\"1\"><strong>Accenture:<\/strong> LockBit <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/csw-analysis-accenture-attacked-by-lockbit-2-0-ransomware.html\" target=\"_blank\" rel=\"noopener\">attacked Accenture<\/a> in August 2021 and demanded $50 million as ransom. During this attack, some proprietary information was stolen and released on LockBit\u2019s leak site. For a detailed analysis of the attack, check out our <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/csw-analysis-accenture-attacked-by-lockbit-2-0-ransomware.html\" target=\"_blank\" rel=\"noopener\">blog on how the Accenture attack unfolded<\/a>.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b1bd372 elementor-widget elementor-widget-spacer\" data-id=\"b1bd372\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b84b2c elementor-widget elementor-widget-menu-anchor\" data-id=\"5b84b2c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"How-to-Detect-LockBit\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-565ddcc elementor-widget elementor-widget-heading\" data-id=\"565ddcc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How to Detect LockBit Ransomware in your Environment<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-49042d2 elementor-widget elementor-widget-text-editor\" data-id=\"49042d2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\">We provide a list of Indicators of Compromise (IoCs) that you can use to check your environment for the presence of any LockBit ransomware samples:<\/p><p style=\"text-align: justify;\"><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrW2A8ZMYVoZyXkH?backgroundColor=red&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\" data-mce-fragment=\"1\"><\/iframe><\/p><h2 dir=\"ltr\" style=\"text-align: justify;\"><a id=\"How Do Organizations Prevent a LockBit Attack\" name=\"How Do Organizations Prevent a LockBit Attack\"><\/a><\/h2>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-52ff0b2 elementor-widget elementor-widget-spacer\" data-id=\"52ff0b2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c3d6829 elementor-widget elementor-widget-menu-anchor\" data-id=\"c3d6829\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"How-to-Prevent-Attack\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dd18369 elementor-widget elementor-widget-heading\" data-id=\"dd18369\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How Do Organizations Prevent a LockBit Attack?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dfe9ed4 elementor-widget elementor-widget-text-editor\" data-id=\"dfe9ed4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><strong>Patch CVEs:<\/strong> <span style=\"font-weight: 400;\">More often than not, attackers infiltrate networks and gain access to systems via known, unpatched vulnerabilities. Follow advisories from your vendors and the CISA KEV advisories to patch all CVEs at the earliest. To stay ahead of attackers, follow advisories pertaining to CVEs critical to your organization.<\/span><\/li><\/ul><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><strong>Set Strong Passwords:<\/strong> <span style=\"font-weight: 400;\">Hackers can break into critical systems that do not implement complex passwords. It is essential that everyone accessing the network enables strong passwords and multi-factor authentication (MFA) to secure their logins.<\/span><\/li><\/ul><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><span style=\"font-weight: 400;\">\u00a0<\/span><strong>Remove Unnecessary Permissions:<\/strong> <span style=\"font-weight: 400;\">Increase the amount of restrictions on permissions to prevent potential dangers from being ignored. Pay specific attention to those accessible by IT accounts with admin-level permissions and endpoint users.<\/span><\/li><\/ul><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><strong>Be Vigilant Handling Links:<\/strong> <span style=\"font-weight: 400;\">Social engineering techniques such as phishing emails are one of the most common methods incorporated by ransomware groups to gain access for malware distribution. Clicking unknown links is always ill-advised.<\/span><\/li><\/ul><div id=\"code_area\" style=\"text-align: left;\"><ul><li dir=\"ltr\" aria-level=\"1\"><strong>Keep Tabs on your Attack Surface:<\/strong> <span style=\"font-weight: 400;\">Employ a solution that can scan your entire attack surface for weaknesses. Know and keep tabs on known and unknown devices connected to your broader network.<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">Organizations can keep attackers at bay by staying vigilant and ensuring that the above steps are strictly followed. A good way to do this is to employ an automated system that regularly scans for vulnerabilities and loopholes, and alerts the Chief Information Security Officers.<\/span><\/p><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-67e79f3 elementor-widget elementor-widget-spacer\" data-id=\"67e79f3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-54a7b1c elementor-widget elementor-widget-text-editor\" data-id=\"54a7b1c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><b><i>Our security experts regularly conduct research analysis of the ransomware families and the CVEs they target. The latest analysis is published in our <\/i><\/b><a href=\"https:\/\/www.securin.io\/reports\/\" target=\"_blank\" rel=\"noopener\"><b><i>Ransomware Report<\/i><\/b><\/a><b><i>. Read the report to find out which ransomware families are an active threat to your business. <\/i><\/b><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-a37e696 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a37e696\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-35f9b0a\" data-id=\"35f9b0a\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a285079 elementor-widget elementor-widget-spacer\" data-id=\"a285079\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f5b6983 elementor-widget elementor-widget-text-editor\" data-id=\"f5b6983\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3 dir=\"ltr\" style=\"text-align: center;\">Worried about <strong>ransomware vulnerabilities<\/strong> in your network?<\/h3><h3 dir=\"ltr\" style=\"text-align: center;\"><a href=\"https:\/\/securin.io\/contact-us\">Talk with our experts<\/a> to identify weak-points and vulnerabilities.<\/h3>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-09fb801 elementor-widget elementor-widget-spacer\" data-id=\"09fb801\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Learn about the vulnerabilities exploited, attack methodology, techniques and tactics used by the LockBit Ransomeware.<\/p>\n","protected":false},"author":1,"featured_media":14330,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,117],"tags":[623,107,89,124,118,575,116,91],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/12062"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=12062"}],"version-history":[{"count":103,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/12062\/revisions"}],"predecessor-version":[{"id":20350,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/12062\/revisions\/20350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14330"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=12062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=12062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=12062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}