The .ABCD virus that was first discovered in September 2019 has been updated with several new features and is now a Ransomware-as-a-Service (RaaS) called LockBit.
A new data leak website was launched by the attackers behind this ransomware, and they started using a double extortion tactic to scare victims into paying a ransom.
Targets –
It has been observed that organizations located in the U.S., the U.K., France, Ukraine, Germany, India, China, and Indonesia are the ones mostly targeted by the LockBit ransomware.
- Medium-sized American organizations were actively targeted by the ransomware gang last month.
- An international architectural firm whose data was released on the Maze group’s data leak site was also targeted by LockBit in June.
- In May, hackers affiliated with the LockBit ransomware targeted a corporate network and encrypted approximately 25 servers and 225 workstations.
Characteristics of the Attack
The ransomware group gains unauthorized access to the targeted network by seeking out accounts with weak passwords that might lack multi-factor authentication.
Below are some of their attack techniques –
- The group targets an administrator account by brute-forcing the outdated VPN service to gain network access.
- To propagate its malware throughout a network, the group uses SMB, ARP tables, and PowerShell.
- LockBit is also known to have self-propagation features: it can breach a corporate network and encrypt hundreds of devices in just a few hours.
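A defender's view of the first technique above, as an added example that is not part of the original post: a Python detector that scans VPN authentication logs for a burst of failed logins on one account followed by a success without MFA. The log format, field names, thresholds, and sample lines are constructed assumptions, not taken from any real VPN product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical VPN gateway log format.
SAMPLE_LOG = """\
2020-07-01T02:14:01 user=administrator src=203.0.113.5 result=FAIL mfa=none
2020-07-01T02:14:09 user=administrator src=203.0.113.5 result=FAIL mfa=none
2020-07-01T02:14:15 user=administrator src=203.0.113.9 result=FAIL mfa=none
2020-07-01T02:14:22 user=administrator src=203.0.113.5 result=FAIL mfa=none
2020-07-01T02:14:30 user=administrator src=203.0.113.5 result=FAIL mfa=none
2020-07-01T02:15:02 user=administrator src=203.0.113.5 result=OK mfa=none
2020-07-01T08:30:11 user=jsmith src=198.51.100.20 result=FAIL mfa=totp
2020-07-01T08:30:40 user=jsmith src=198.51.100.20 result=OK mfa=totp
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(FAIL|OK) mfa=(\S+)$")

def detect_vpn_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Alert on accounts with >= threshold failed logins inside the window."""
    # Failures are keyed by account, not source IP, so guessing that is
    # spread across several addresses is still counted together.
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that are not auth events
        ts = datetime.fromisoformat(m.group(1))
        user, src, result, mfa = m.group(2, 3, 4, 5)
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if result == "FAIL":
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append(("bruteforce_suspected", user, src, mfa))
        elif len(recent) >= threshold:
            # A login succeeded right after a failure burst: treat as compromise.
            kind = "compromise_no_mfa" if mfa == "none" else "success_after_burst"
            alerts.append((kind, user, src, mfa))
            recent.clear()
        else:
            recent.clear()          # an ordinary login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in detect_vpn_bruteforce(SAMPLE_LOG):
        print(alert)
```
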
A collaboration between the two cybercrime groups, the Maze group and the operators of LockBit, is suggested, since the former hosted a data cache stolen by the LockBit ransomware on its leak site in June.
Since LockBit exploits any weaknesses in a network, our security experts advise that organizations should fortify their network with adequate security defences. It is advisable to always take a backup of important data and store the backups separately so that they cannot be accessed from the network.
To read more, please check eScan Blog