The Effectiveness of LockBit Ransomware
LockBit ransomware is now the world’s most active and prosperous cybercrime organization. LockBit emerged from the shadows of the Conti ransomware organization, which was disbanded in early 2022, and is said to be the work of a Russian threat actor.
LockBit ransomware was originally identified in September 2019 and was formerly known as ABCD ransomware, after the “.abcd virus” extension initially noticed. LockBit operates as ransomware-as-a-service (RaaS): in essence, affiliates pay a deposit to use the program and then share the ransom with the LockBit organization.
According to reports, some affiliates get as much as a 75% cut. The owners of LockBit have advertised their affiliate scheme in Russian on criminal forums and stated that they will not do business in Russia or other CIS nations, or with English-speaking developers unless a Russian-speaking “guarantor” vouches for them.
Initial attack vectors used in LockBit attacks include social engineering, such as phishing, spear phishing, and business email compromise (BEC); exploitation of public-facing applications; hiring of initial access brokers (IABs); use of stolen credentials to access legitimate accounts, such as remote desktop protocol (RDP); and brute-force cracking attacks.
Targets for LockBit:
LockBit has traditionally targeted government organizations and businesses across a range of industries, including healthcare, finance, and industrial products and services. Across the world, the ransomware has been shown to target nations including the US, China, India, Indonesia, Ukraine, France, the UK, and Germany.
An additional intriguing aspect is that LockBit is programmed so that it cannot be used in attacks against Russia or the CIS (Commonwealth of Independent States) nations. The gang probably took this step to guard against any potential retaliation from the Russian government.
What is RaaS?
In recent years, ransomware-as-a-service (RaaS) has grown in popularity. RaaS is a business model in which ransomware developers give tools and software to other people or organized crime groups so they can conduct ransomware attacks in exchange for a part of the ransom money. By enabling even those with less technical expertise to take part, this increases the volume of ransomware attacks and makes it more challenging to identify and capture the perpetrators.
The following actions are advised for companies to improve their security posture:
- Ensure that Managed Detection and Response (MDR) is utilized to identify suspicious or abnormal behaviour, analyse risks quickly, prioritise them, and respond accordingly to ensure the safety of your data, employees, and procedures.
- Ensure that staff members receive training and education on the most recent cyber security dangers so they can recognise an attack and react appropriately.
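As an added illustration (not part of the original article), the sketch below shows the kind of abnormal-behaviour check a detection team could run for the RDP brute-force and stolen-credential vectors listed above. The record layout, threshold, time window and all sample events are constructed assumptions; the IP addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows Security log fields:
# (timestamp, event_id, logon_type, source_ip, account).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); failed RDP attempts often appear as type 3
# when Network Level Authentication is enabled.
SAMPLE_EVENTS = (
    [(f"2024-01-10T02:00:{s:02d}", 4625, 3, "203.0.113.50", "administrator")
     for s in range(0, 60, 10)]                      # 6 rapid failures
    + [("2024-01-10T02:01:30", 4624, 10, "203.0.113.50", "administrator")]
    + [(f"2024-01-10T09:15:{s:02d}", 4625, 10, "198.51.100.7", "jsmith")
       for s in (5, 20)]                             # user mistyping a password
    + [("2024-01-10T09:15:40", 4624, 10, "198.51.100.7", "jsmith")]
    + [(f"2024-01-10T11:30:{s:02d}", 4625, 3, "192.0.2.9", "backup")
       for s in range(0, 50, 10)]                    # 5 failures, no success
)


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed logons inside `window`.

    Severity is raised to "high" when an RDP logon then succeeds from the
    same source while failures are still inside the window, which suggests
    a guessed or stolen credential worked.
    """
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = {}
    for ts_raw, event_id, logon_type, src, account in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[src]
        while recent and ts - recent[0] > window:    # expire old failures
            recent.popleft()
        if event_id == 4625 and logon_type in (3, 10):
            recent.append(ts)
            if len(recent) >= threshold:
                alert = alerts.setdefault(src, {"source": src, "severity": "medium",
                                                "failures": 0, "account": None})
                alert["failures"] = max(alert["failures"], len(recent))
        elif event_id == 4624 and logon_type == 10 and src in alerts and recent:
            alerts[src]["severity"] = "high"
            alerts[src]["account"] = account
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A "high" alert here means a burst of failures was followed by a successful RDP logon from the same source, which is the case to prioritise for response.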
Author: Sanjana Amale