The Financial Industry Regulatory Authority (FINRA) has issued a cybersecurity alert regarding LockBit.
LockBit, one of the most developed ransomware variants in recent years, continues to affect organizations around the world, including FINRA member firms.
Since November 2023, FINRA has received reports from various member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents ranged in severity from zero impact to significant disruptions to the companies’ business operations.
As a result, the Cyber and Analytics Unit (CAU) under FINRA’s Member Oversight Program is alerting firms to increased activity by this threat actor to increase awareness and visibility of this risk. CAU also provides a collection of resources that describe effective practices that companies can consider in response to this increased risk.
Ransomware, which involves using malware to encrypt, infiltrate or deny access to data belonging to another entity and then demand payment to return access or not publish the data, continues to prove profitable for criminals. The profitability and increased activity associated with ransomware is likely the result of threat actors using the “Ransomware as a Service (RaaS)” model that involves selling off-the-shelf malware that enables rapid deployment against a desired target.
The RaaS model reduces the technical expertise and resources required for threat actors to become perpetrators of ransomware attacks by enabling the purchase of the necessary programs, infrastructure and support – a process generally facilitated through illegal procurement.
The LockBit operation, an organization allegedly operating on the RaaS model, has been one of the most active ransomware groups in recent years and continues to target member companies. As ransomware continues to pose operational, financial and reputational risks to organizations, including FINRA member firms, careful cybersecurity measures are required to enhance data security and protect operations.