The Financial Industry Regulatory Authority (FINRA) has issued a cybersecurity alert about LockBit.。

LockBit is one of the most deployed ransomware variants in recent years, and it continues to impact organizations around the globe, including FINRA's member companies.。

Since November 2023, FINRA has received reports from several member companies about cyber incidents allegedly triggered by LockBit.。The severity of the reported incidents varied, with some having no impact and others seriously disrupting the company's business operations。

As a result, the Cyber and Analytics Unit (CAU) in FINRA's Member Regulatory Program is informing companies of the increased activity of this threat actor to increase awareness and visibility of this risk.。CAU also provides a compilation of resources outlining effective practices that companies can consider when addressing this high risk。

Ransomware involves the use of malware to encrypt, drain or deny access to data belonging to another entity and then demand a ransom to return access or not release the data。The increase in ransomware-related profitability and activity is likely the result of threat actors using the "Ransomware as a Service (RaaS)" model, which involves selling off-the-shelf malware for rapid deployment to desired targets.。

The RaaS model reduces the technical expertise and resources required for threat actors to become perpetrators of ransomware attacks by purchasing the necessary procedures, infrastructure, and support, a process that is often carried out through illicit markets。

LockBit enterprises operating in RaaS mode are reportedly among the most active ransomware organizations in recent years and continue to target member companies.。As ransomware continues to pose operational, financial and reputational risks to organizations, including FINRA member companies, there is a need for vigilant cybersecurity measures to enhance data security and protect operations。