Analysis of the LockBit 3.0 and its infiltration into Advanced's infrastructure crippling NHS services

TL;DR

This paper analyzes LockBit 3.0 ransomware's attack techniques, its impact on critical infrastructure like NHS services, and emphasizes the importance of detection systems over prevention to combat its evolving threat.

Contribution

It provides a detailed breakdown of LockBit 3.0's attack methods and highlights the role of social engineering and detection systems in mitigating its impact.

Findings

LockBit 3.0 employs sophisticated attack techniques.

Social engineering is a key vector for LockBit infiltration.

Enhanced detection systems are more effective than prevention alone.

Abstract

The LockBit 3.0 ransomware variant is arguably the most threatening of malware in recent times. With no regard for a victim's industry, the ransomware has undergone several evolutions to arrive at an adaptable and evasive variant which has been a menace to governments and organisations, recently infiltrating Advanced Computer Software group. Previous LockBit studies mostly concentrated on measuring the impact of the ransomware attack, prevention, encryption detection, decryption, or data recovery, thereby providing little or no benefit to the less tech savvy populace as a detailed breakdown of the mode of attack is rarely examined. This article analyses the LockBit 3.0 attack techniques with a contextual illustration of the attack on Advanced Computer Software group. With the NHS being a major client of the organisation, and its services alongside 15 other clients being crippled for hours during the attack, attention is drawn to how dreadful such disruption may be in critical organisations. We observed that the upgrade of Lockbit based on releasing newer versions is in a bid to continuously ensure the malware's efficiency - a virtue that keeps it at the zenith - by staying ahead of improved defenses. Our study highlights social engineering as a vibrant portal to Lockbit's maliciousness and indicates an investment in detection systems may profit more than in prevention systems. Therefore, further research should consider improving detection systems against Lockbit 3.0.