Never waste a good incident
Northwave believes there is real opportunity to learn from previous attacks and their incident response cases. By analysing the findings and accurately reflecting on the measures that were taken, an adequate strategy can be developed for the future. Hence this white paper is dubbed ‚Tales from the trenches‘. In collaboration with McAfee, we researched a targeted ransomware attack based on a real-life case in which Northwave’s incident response team encountered a relatively new ransomware family called LockBit. In this white paper, we provide an in-depth view of the LockBit ransomware family. We describe the ransomware attack including the modus operandi of attackers and the recovery process. Additionally, we provide an insight in the underground that advertises the ransomware and give a full technical break-down of the ransomware itself. Lastly, during our analysis, we were able to obtain multiple samples of the LockBit ransomware with which we could provide an extensive list of IOCs which is included at the end of the white paper.