CYBER SECURITY ENTHUSIAST

ACSC, The Australian Cyber Security Centre issued a warning related to an increase in LockBit 2.0 ransomware attacks against Australian organizations.

ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.

Source

It is concerning to see that the LockBit victims are reporting threats related to their data being leaked online alongside the usual ransomware requests.

The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants.

The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food.

Source

ACSC also published a ransomware profile that offers additional information about the LockBit ransomware group as it includes initial access indicators, targeted sectors, as well as mitigation measures.

Lockbit Australia Attacks

Source

In the report it was also mentioned that the threat actors from Lockbit Ransomware are opportunistic, therefore being able to target organizations in any industry sector.

ID Ransomware LockBit submissions

Source

The ACSC provided in the material a series of mitigation tactics focused on LockBit TTPs (Tactics, Techniques, and Procedures):

  • enabling multifactor authentication (MFA) on all accounts to block the use of stolen credentials
  • encrypting sensitive data at rest to block exfiltration of sensitive information
  • segmenting corporate networks and restricting admin privileges to block lateral movement and privilege escalation attempts
  • maintaining daily backups to reduce a successful attack’s impact
  • patching internet-facing Fortinet devices against CVE-2018-13379, a security bug heavily exploited by LockBit to breach networks

Some Background Information on the Lockbit Ransomware

LockBit ransomware started operating back in September 2019. The group works as a ransomware-as-a-service (RaaS) by recruiting threat actors to breach networks and encrypt devices.

Since it was launched, LockBit has been extremely active, as the gang representatives were promoting the RaaS and providing support on various Russian-language hacking forums.

LockBit launched the LockBit 2.0 RaaS back in June, and it seems that the ransomware gang is trying to gain some traction following the slowdown noticed in their attacks since January.

Lockbit 2.0

Source

Lockbit 2.0 came with redesigned Tor sites and advanced features, that are including automatic encryption of devices across Windows domains by using the Active Directory group policies.

It’s interesting to note that LockBit 2.0 is attempting to remove the middlemen by trying to recruit insiders in the hope they would provide the ransomware group with access to corporate networks through Remote Desktop Protocol (RDP) and Virtual Private Network (VPN).

DeepBlueMagic Ransomware Strain Discovered by Heimdal™ – New Ransomware, New Method

LockBit Ransomware Gang Is Now Looking for Employees and Other Insiders to Give Them Access to Corporate Networks

Ransomware-as-a-Service (RaaS) – The Rising Threat to Cybersecurity

LockBit Ransomware Is Now Encrypting Windows Domains

A New Report Shows that 6 Ransomware Gangs Impacted More than 290 Companies in 2021

A Closer Look at Ransomware Attacks: Why They Still Work

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP