Carbon Black Cloud: What guidance is there for LockBit ransomware?

By CB_Support posted Aug 24, 2021 01:18 AM

  

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 2.0.4.9 and Higher
  • Microsoft Windows: All Supported Versions

Question

What information is available for Carbon Black Cloud Products in relation to LockBit ransomware, and what guidance is there to ensure an organization is as protected as possible?

Answer

Threat Research post on Critical Vulnerabilities in general
Critical Vulnerabilities and Perspective

TAU-TIN post on LockBit ransomware
TAU-TIN – LockBit Ransomware

TAU-TIN post on ransomware threats in general, with sections specific to Endpoint Standard (formerly CB Defense) and Enterprise EDR (formerly CB ThreatHunter)
TAU-TIN - Ransomware Threats

Post in Threat Research Discussions area from a well-versed customer, with some helpful information
TAU-TIN Recommended Policy Changes - Cb Defense - Updated 2019-08-05

Additional Notes

  • For Carbon Black Cloud, all of the listed IOCs are hashes and have been marked with malware reputations in the Cloud; customers do not need to add them directly to the Reputations page.
  • For reputation-based prevention, Sensor versions 2.0.4.9 and above all receive current reputations for the IOC hashes (SHA256 only) and block them according to the Policy Rules that apply to those reputations.
  • The added protections available through AMSI prevention require Sensors on v3.6.x.x or higher.
