Carbon Black Cloud: What guidance is there for LockBit ransomware?


Article ID: 289560


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense)


What information is available for Carbon Black Cloud Products in relation to LockBit ransomware, and what guidance is there to ensure an organization is as protected as possible?


  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: and Higher
  • Microsoft Windows: All Supported Versions


Threat Research post on Critical Vulnerabilities in general

TAU-TIN post on LockBit ransomware

TAU-TIN post on Ransomware threats in general, with sections specific to Endpoint Standard (was CB Defense) and Enterprise EDR (was CB ThreatHunter)

Post in Threat Research Discussions area from a well-versed customer, with some helpful information

Additional Information

  • For Carbon Black Cloud, all of the listed IOCs are hashes and have been marked with malware reputations in the Cloud; customers do not need to add them directly to the Reputations page
  • For reputation-based prevention, Sensor versions and above will all receive current reputations for the IOCs/hashes (SHA256 only) and block based on Policy Rules related to their reputation(s) being present
  • For added protections available using AMSI prevention, Sensors will need to be on v3.6.x.x or higher