重大アクティブトレンド
Critical Risk
95%
LockBit Ransomware
Affiliate-based ransomware known for fast encryption and double extortion.
#ransomware#double-extortion#windows
脅威の概要
LockBit operates as a ransomware-as-a-service platform. Affiliates deploy encryptors across networks, exfiltrate sensitive data, and publish leaks to pressure victims into paying ransoms.
攻撃の挙動
- Mass file encryption using hybrid AES + RSA schemes
- Shadow copy and backup service deletion
- Data exfiltration prior to encryption for double extortion
- Lateral movement via stolen credentials and RDP
感染経路
- Phishing attachments
- Exploited VPN or RDP endpoints
- Malicious email links
- Supply-chain compromise
症状と指標
- Renamed files with unusual extensions
- Ransom notes on desktops
- Disabled recovery tools
- Unexpected network traffic spikes
即時の緩和策
- Isolate affected endpoints immediately
- Preserve forensic images before cleanup
- Notify legal and incident response teams
- Do not pay ransom without professional guidance
削除ガイド
- Boot from clean media and scan offline
- Restore from verified offline backups
- Rebuild compromised domain controllers
- Rotate all domain credentials
予防方法
- Enable behavioral ransomware protection
- Maintain immutable offline backups
- Patch edge services and disable unused RDP
- Enforce least-privilege access
テレメトリ指標
- vssadmin delete shadows
- Mass .lockbit extension renames
- Suspicious PowerShell download cradle
LockBit campaigns continue through affiliate networks despite law-enforcement disruptions. Treat it as an active high-risk family.