LockBit Encrypts Windows Domains Using Group Policies

Share post:

In samples of the LockBit 2.0 ransomware, which was discovered by MalwareHunterTeam, a new version of LockBit 2.0 was found, which automates the encryption of a Windows domain using Active Directory group policies.

After they have broken through a network and gained control of the domain controller, threat actors use third-party software to deploy scripts that disable antivirus and execute the ransomware on the computer in the network.

In samples of the LockBit 2.0 ransomware discovered, threat actors automate the process to ensure that the ransomware distributes itself in a domain when run on a domain controller.

This creates new group policies for the domain controller, which are then transferred to every device in the network.

These policies can then disable Microsoft Defender’s real-time protection, trigger alerts, submit samples to Microsoft, and take default actions to detect malicious files.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs


Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Cyber attack on Hamilton knocks out municipal phone, email

One of Ontario’s biggest cities is in the second day of dealing with a cyber attack. Hamilton, a municipality of about 570,000 on the shore of Lake Ontario, said Sunday it had suffered a city-wide phone and email “disruption” to municipal and public library services, which included the Bus Check Info Line and the HSRNow

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways