The newest edition of LockBit ransomware, LockBit 2.0, has evolved in its distribution methods. The ransomware spreads across local networks by accessing and taking advantage of group policies. LockBit falls under the Ransomware-as-a-Service (RaaS) category of ransomware. RaaS operators are the businessmen of the ransomware underworld: they act as the middlemen between the cybercriminal groups that want to steal and hold data for ransom and the unsuspecting victim, be they a company, individual, or a number of targets. RaaS entities like LockBit provide their criminal customers with services including the infrastructure, malware variants, and means of attacking. They, in turn, get a decent share of the ransom as their payment.
LockBit’s newest ransomware variant breaches a company’s security protocols, which is typical of any cybercrime out there, but what makes this newest iteration newsworthy is the uniqueness of its distribution method. Once entry has been gained, LockBit runs its malware on the compromised system, which creates new user group policies. These policies are then automatically pushed to each device on the network, infecting all of them and shutting down the security protocols from the inside out. This is a unique feature for a ransomware variant because the infection is automated.
According to Bleeping Computer, samples of the LockBit 2.0 ransomware discovered by MalwareHunterTeam show that the perpetrators have automated this process, so that the ransomware distributes itself throughout a domain when executed on a domain controller.
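Because the propagation described above depends on new group policies appearing in the domain, a defender can routinely review recently created or changed GPOs and where they are linked. The following is an added example, not code from the original article or from Bleeping Computer; it assumes the GroupPolicy PowerShell module (RSAT or a domain controller) and a hypothetical 24-hour review window in `$WindowHours`.

```powershell
# Added example: list GPOs created or modified within a recent window,
# with their owner and the containers they are linked to.
# Assumption: run by an account that can read all GPOs in the domain.
Import-Module GroupPolicy

$WindowHours = 24                          # assumed review window
$cutoff = (Get-Date).AddHours(-$WindowHours)

# Keep only GPOs whose creation or modification time falls inside the window.
$recent = Get-GPO -All | Where-Object {
    $_.CreationTime -ge $cutoff -or $_.ModificationTime -ge $cutoff
}

$findings = foreach ($gpo in $recent) {
    # The XML report includes a LinksTo element for each place the GPO is linked.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo |
        Where-Object { $_ } |
        ForEach-Object { $_.SOMPath }) -join '; '

    [pscustomobject]@{
        DisplayName      = $gpo.DisplayName
        Id               = $gpo.Id
        Owner            = $gpo.Owner
        CreationTime     = $gpo.CreationTime
        ModificationTime = $gpo.ModificationTime
        LinkedTo         = $links
    }
}

# Newest changes first; an unexpected GPO linked at the domain root deserves review.
$findings |
    Sort-Object ModificationTime -Descending |
    Format-Table -AutoSize -Wrap
```

Any entry that does not match a known change request, especially one linked broadly across the domain, is worth investigating before the next policy refresh reaches client machines.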
This development of automating ransomware poses a major risk to the world of cybersecurity. Ransomware attacks account for anywhere from 70-90% of cyber attacks. If the lion’s share of cyber attacks can now be pushed out with a major portion of the infection process happening automatically, the base level for cybersecurity must rise to meet this threat. With so many individuals and companies not placing a strong enough emphasis on cybersecurity, this is a daunting prospect.
To help secure your business against such attacks, take preventative measures: implement strong cybersecurity practices as a baseline for all employees in your company, including the use of strong passwords and ongoing training to keep employees up to date on emerging threats. Additionally, use a strong network firewall to detect and block incoming attacks before they breach your networks.
Image by Bleeping Computer.