FINRA receives reports from member firms about LockBit-related cyber incidents
The Financial Industry Regulatory Authority (FINRA) has issued a cybersecurity alert regarding LockBit.
LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms.
Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations.
As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
Ransomware, which includes the use of malicious software to encrypt, exfiltrate, or deny access to data belonging to another entity and then demanding payment to return access or not publish the data, continues to prove profitable for criminals. The profitability and increased activity related to ransomware is likely the result of threat actors’ use of the “Ransomware as a Service (RaaS)” model that involves the sale of off-the-shelf malicious software allowing quick deployment against a desired target.
The RaaS model lowers the technical expertise and resources required for threat actors to become perpetrators of ransomware attacks by enabling the purchase of the necessary programs, infrastructure, and support – a process generally facilitated through illicit marketplaces.
The LockBit enterprise, an organization reportedly operating under the RaaS model, is one of the most active ransomware groups in recent years and continues to target member firms. As ransomware continues to pose operational, financial, and reputational risks to organizations, including FINRA member firms, vigilant cybersecurity measures are necessary to enhance data security and protect operations.