April 28, 2023
New Data Breaches from Cl0p and Lockbit Ransomware Groups
Executive Summary
Ransomware-as-a-service (RaaS) groups Cl0p and Lockbit recently conducted several distinct attacks, exploiting three known vulnerabilities (CVE-2023-27351, CVE-2023-27350, and CVE-2023-0669). The Cybersecurity and Infrastructure Security Agency (CISA) added the latter two vulnerabilities to its Known Exploited Vulnerabilities Catalog but has not yet added the first. This Sector Alert follows previous HC3 products on Cl0p (Cl0p Allegedly Targeting Healthcare Industry and Cl0p Ransomware) and Lockbit (Lockbit Ransomware, LockBit 3.0, and LockBit 2.0 IOCs), and provides an update on the recent attacks, and recommendations to detect and protect against future ransomware attacks.