LockBit Ransomware Returns With More Effective Attacks

Share post:

Cybersecurity researchers at Trend Micro have been recording an increase in LockBit ransomware campaigns since July. This ransomware-as-a-service first appeared in September 2019 and was quite successful.

LockBit authors claim that LockBit 2.0 is one of today’s fastest file-encrypting ransomware variants in ads in underground forums. Those claims have proven interesting to cybercriminals seeking to make money from ransomware.

Trend Micro researchers have observed several LockBit ransomware campaigns in recent weeks, mainly targeting organizations in Chile, the U.K., Italy and Taiwan.

While LockBit remained under the radar for much of this year, it launched a major attack against Accenture’s professional services company.

LockBit also appears to have benefited from the apparent disappearance of ransomware gangs including REvil and Darkside, with affiliates of those groups turning towards LockBit as their pathway to launch fresh ransomware attacks.

Hackers often gain access to networks via compromised Remote Desktop Protocol (RDP) or VPN accounts that have been leaked or stolen. Alternatively, LockBit attacks sometimes attempt to trick insiders into accessing them with legitimate credentials.

LockBit also succeeds by copying the steps of notorious ransomware groups through certain tactics, techniques and procedures (TTPs) during attacks. LockBit, for example, now uses Ryuk’s Wake-on-LAN function and sends packets to wake offline devices to help them move sideways around networks and compromise as many machines as possible.

LockBit also uses a tool that was previously used by Egregor ransomware – printers in the network to print out ransom notes.

Like many of the most notorious ransomware groups, LockBit adds a double extortion element to the attacks by stealing the victim’s data and threatening to release it if the ransom is not paid as soon as a period expires.

For more information, read the original story in ZDNet.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways