Implementation of the MITRE D3FEND Framework in Mitigating LockBit 3.0 Ransomware Attacks

Syahbagus Radithya Haryo Santoso (1), Henni Endah Wahanani (2*), Achmad Junaidi (3)
(1) UNIVERSITAS PEMBANGUNAN NASIONAL VETERAN JAWA TIMUR
(2) UNIVERSITAS PEMBANGUNAN NASIONAL VETERAN JAWA TIMUR
(3) UNIVERSITAS PEMBANGUNAN NASIONAL VETERAN JAWA TIMUR
(*) Corresponding Author
DOI: 10.35889/jutisi.v15i3.3636

Abstract

Cybersecurity threats are escalating due to the evolution of LockBit 3.0 ransomware, which has disrupted national vital sectors. This study aims to demonstrate the implementation of the MITRE D3FEND framework to mitigate these attacks within a Windows 11 environment. An experimental method using a technical comparative analysis approach was applied and validated through 50 test iterations to ensure data reliability. The results indicate that the baseline unprotected system is completely vulnerable to the entire LockBit 3.0 attack chain. However, the deployment of MITRE D3FEND controls proactively enhances system resilience, achieving a 75% effectiveness score by successfully executing passive detection and real-time active blocking at critical attack vectors. This study concludes that a digital artifact-based defense strategy significantly hardens cyber infrastructure, while recommending future developments in artificial intelligence (AI) based adaptive mitigation automation.

Keywords: MITRE D3FEND; LockBit 3.0; Cybersecurity; Ransomware; Mitigation

 

Abstract

Cybersecurity threats are increasing due to the evolution of the LockBit 3.0 ransomware, which has crippled various vital national sectors. This study aims to demonstrate the implementation of the MITRE D3FEND framework in mitigating these attacks on Windows 11. An experimental method was applied through a technical comparative analysis approach, validated over 50 test iterations to ensure data reliability. The test results show that a standard system without protection is fully vulnerable to the entire LockBit 3.0 attack chain. However, applying MITRE D3FEND defensive controls proved to proactively increase system resilience, with an effectiveness score reaching 75% through successful passive detection and real-time active blocking at the critical points of the attack. This study concludes that a defense strategy based on digital artifacts significantly hardens the security of cyber infrastructure, and recommends the future development of adaptive mitigation automation based on artificial intelligence (AI).

 

Keywords


MITRE D3FEND; LockBit 3.0; Cybersecurity; Ransomware; Mitigation

