Skip to main content
Published Aug 17, 2021 | Updated Jul 15, 2024

Ransom:Win32/Lockbit.STA

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Ransom:Win32/Lockbit.STA is a prominent ransomware strain, created by the Blizzard group known as Bitwise Spider. This ransomware primarily operates as Ransomware-as-a-Service (RaaS).


Later versions of Ransom:Win32/Lockbit.STA incorporate code from BlackMatter ransomware, which can sometimes lead to identification overlaps.

To mitigate the issue, follow these steps:

  • Apply security updates promptly, especially for the specified vulnerabilities, on all applications and operating systems. Consult the Microsoft Security Update Guide for comprehensive information on available Microsoft Security updates.
  • Follow the principle of least privilege and maintain credential hygiene. Avoid using domain-wide, admin-level service accounts. Restrict local administrative privileges to mitigate the potential installation of remote access trojans (RATs) and other undesirable applications.
  • Network segmentation is useful in constraining the propagation of malware infections. The process involves partitioning a network into smaller segments, effectively confining an infection to a single segment rather than permitting its unrestricted spread across the entire network.
  • Promote the use of Microsoft Edge and other web browsers that support SmartScreen, a feature identifying and blocking malicious websites, including phishing sites, scam sites, and those hosting exploits or malware.
  • Block the launch of downloaded executable content by disabling JavaScript or VBScript. 


Follow us