top of page

LockBit 3.0 Ransomware: IoCs and TTPs

LockBit 3.0 is the latest version of the LockBit ransomware that was first released in 2019. This ransomware is a continuation of the previous versions of LockBit and is designed to function as a Ransomware-as-a-Service (RaaS) model. The U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. Since emerging in late 2019, the LockBit actors have invested significant technical efforts to develop and fine-tune its malware, issuing two major updates — LockBit 2.0, released in mid-2021, and LockBit 3.0, released in June 2022. The two versions are also known as LockBit Red and LockBit Black, respectively. LockBit 3.0 accepts additional arguments for specific operations in lateral movement and rebooting into Safe Mode. If a LockBit affiliate does not have access to passwordless LockBit 3.0 ransomware, then a password argument is mandatory during the execution of the ransomware. The ransomware is also designed to infect only those machines whose language settings do not overlap with those specified in an exclusion list, which includes Romanian (Moldova), Arabic (Syria), and Tatar (Russia). Ransomware continues to be a major threat to both individuals and organizations alike. It is important to be aware of the various types of ransomware that are out there and to know the indicators of compromise so that you can protect yourself and your data.


bottom of page