Abstract

All forms of data are meant to be secured. The emergence of a variety of techniques and tactics used by malware authors has made recovery difficult. LockBit ransomware has been in the news, and the APT behind the deployment of this ransomware has compromised several organizations. It is important to understand the behavior of such malware, to identify the anti-analysis techniques it performs, and to block it. The APT involved compromised several health and medical facilities, including AIIMS in India and SickKids Hospital in Canada. Ransomware is a highly impactful family of malware. Impacts may begin with confidential medical information being harvested over a C2 channel and can go as far as rendering medical equipment useless. This article discusses the compromised entities and the defensive strategies that can be used to block LockBit ransomware using any generic SIEM tool. It also explains the need for tools that can survive ransomware encryption and a restart command line, and that can detect the behavioral patterns of such malware. Several samples were collected from various sources; the indicators of compromise were collected from the strings and behavior of those samples. Several detection mechanisms, including YARA, SNORT, and generic HUNT rules, are also discussed.
