Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
In late February 2024, the notorious ransomware group known as LockBit was dealt a severe blow as international law enforcement partners including the Federal Bureau of Investigation (FBI) and the Cyber Division of the U.K. National Crime Agency (NCA) successfully seized many public-facing webservers and servers used for LockBit administration, hobbling the group’s ability to attack, encrypt, and extort victims.
According to cybersecurity expert Kevin Beaumont, a LockBit affiliate claimed that they were behind the ransomware attack that shut down some of the operations of EquiLend, a key financial technology company that processes trillions of dollars of securities lending transactions each month.
What was interesting to me is that despite confirming to Kevin Beaumont that they were behind the EquiLend ransomware attack, LockBit initially did not post EquiLend on their leak site. This may mean that EquiLend negotiated, and paid, the ransom amount. Update: As of February 25, LockBit have posted EquiLend on their new leak site:
In case you aren’t familiar with the LockBit ransomware group, it emerged in 2019 and has since gained notoriety for its highly targeted and damaging cyberattacks. They often use double extortion as a tactic; in addition to encrypting the victim’s files, they threaten to leak sensitive data if the ransom is not paid (thus increasing the pressure on the victims to comply).
The LockBit group operates as a Ransomware-as-a-Service, where other cybercriminals they recruit can use their underlying tools and infrastructure to launch ransomware attacks and share the ransom payments. Since inception, it is believed that they had targeted 2,000+ victims and received more than $120 million USD in ransom payments.
In September 2023, eSentire’s Threat Response Unit (TRU) released a detailed report on the LockBit ransomware group and how they were targeting their victims. Between February 2022 and June 2023, TRU disrupted three incidents targeting a storage materials manufacturer, a manufacturer of home décor, and a Managed Service Provider (MSP).
According to the report, once the LockBit group gained access into their targets’ environment, they used remote monitoring and management (RMM) tools, their remote access software, or brought in their own RMM tools to deploy ransomware. In the case of the MSP, they attempted to deploy malware to the MSP’s downstream customers.
Moreover, our 2024 SMB Ransomware Readiness report also found that LockBit was the most significant threat for small-medium businesses (SMBs) that fall within the $1 million to $25 million annual revenue range.
Authorities stated that they have obtained keys from the seized LockBit infrastructure and will be able to assist victims unlock their encrypted systems. As well, the Justice Department indicted two Russian nationals with deploying LockBit ransomware to many companies throughout the United States. This brings the number of indicted individuals for their participation in the LockBit ransomware group to five.
Here’s my take on the news – this is truly good news, but we should take care to note that the fight is not over. We should expect that the ‘bad guys’ have backups (just as we do) and that they have an incentive to be resilient in their operations.
This co-operative operation has dealt a serious blow to the parent organization and will hopefully increase their cost of doing business. However, they’re certainly not out of business. In fact, LockBit has already spun up a new Dark Web leak site and for all intents and purposes, they’ve resumed operations.
I also think we will continue to see other ransomware groups use RMM tools to gain initial access into their target organizations. With that in mind, here are some recommendations for organizations to protect themselves:
Protecting your organization against LockBit and other similar ransomware-as-a-service threats will always come down to how vigilant you are about staying ahead of the threat landscape and proactively preventing business disruption.
If you’ve been targeted by LockBit, please contact the FBI here for next steps you can take.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.