Carbon Black Cloud: What guidance is there for LockBit ransomware?

Article ID: 289560

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What information is available for Carbon Black Cloud Products in relation to LockBit ransomware, and what guidance is there to ensure an organization is as protected as possible?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 2.0.4.9 and Higher
  • Microsoft Windows: All Supported Versions

Resolution

Threat Research post on Critical Vulnerabilities in general
https://community.carbonblack.com/t5/Threat-Research-Docs/Critical-Vulnerabilities-and-Perspective/ta-p/78662

TAU-TIN post on LockBit ransomware
https://community.carbonblack.com/t5/Threat-Research-Docs/TAU-TIN-LockBit-Ransomware/ta-p/106218

TAU-TIN post on Ransomware threats in general, with sections specific to Endpoint Standard (was CB Defense) and Enterprise EDR (was CB ThreatHunter)
https://community.carbonblack.com/t5/Threat-Research-Docs/TAU-TIN-Ransomware-Threats/ta-p/78246

Post in Threat Research Discussions area from a well-versed customer, with some helpful information
https://community.carbonblack.com/t5/Threat-Research-Discussion/TAU-TIN-Recommended-Policy-Changes-Cb-Defense-Updated-2019-08-05/m-p/70862

Additional Information

  • For Carbon Black Cloud, all of the listed IOCs are hashes and have been marked with malware reputations in the Cloud; customers do not need to add them directly to the Reputations page
  • For reputation-based prevention, Sensor versions 2.0.4.9 and above will all receive current reputations for the IOCs/hashes (SHA256 only) and block based on Policy Rules related to their reputation(s) being present
  • For added protections available using AMSI prevention, Sensors will need to be on v3.6.x.x or higher