CISA Issues Cybersecurity Advisory on "Lockbit" Ransomware Attacks

Commentary by Steven Lofchie

The Cybersecurity & Infrastructure Security Agency ("CISA"), along with the FBI and international law enforcement agencies, described the "Lockbit ransomware variant" and recommended methods to mitigate the threat.

According to the Advisory, in 2022, "LockBit was the most active global ransomware group and RaaS [Ransomware-as-a-Service] in terms of the number of victims claimed on their data leak site." Lockbit allows developers to lease out ransomware and its control infrastructure to cybercriminals. CISA stated that Lockbit ransomware attacks vary in observed tactics, techniques and procedures due to the large number of unconnected operation affiliates, which creates a "notable challenge" in maintaining network security and preventing attacks.

In addition, FINRA issued a Cybersecurity Alert, recommending that member organizations review the CISA Advisory as well as previously issued Regulatory Notice 22-29, containing ransomware guidance for member firms.


The alarming development of malicious services such as Lockbit should make clear the imprudence of the SEC's proposal to force mandatory central clearing of U.S. governments (both cash market and repo). How can anyone be confident that the FICC will be able to defend itself against cyber attacks when so many firms and governmental entities have been victimized? A mandated conduit through which government securities must flow presents a compelling target for malicious actors using increasingly sophisticated tools. Even assuming that mandated central clearing would produce some economic benefit (and neither sell-side nor buy-side seems confident in that), there are clear downsides to the proposal, including a loss of redundancy in settlement mechanics, a loss that will be extremely damaging to the U.S. economy if there is a successful cyber attack on FICC.
