Double Extortion Ransomware and the Heightened Surge of Conti Attacks
Government agencies, including CISA, FBI, and NSA, have issued a stern caution to US organizations regarding the escalating threat posed by Conti Ransomware.
UltraViolet Cyber
July 17, 2023
Similar to other ransomware-as-a-service (RaaS) operations, LockBit 2.0 has begun recruiting affiliates to carry out intrusions and exfiltration on targeted systems.
In the aftermath of DarkSide and REvil shutting down their operations, the LockBit gang has embarked on a hiring spree, trying to entice insiders to help compromise systems by plastering wallpapers on already-compromised machines and offering multimillion-dollar payouts.
LockBit 2.0 exhibits characteristics and behaviors reminiscent of Ryuk and Egregor, showcasing the influence of these notorious ransomware strains.
Recently, Bangkok Airways fell victim to a cyberattack orchestrated by the LockBit ransomware group, resulting in the exposure of stolen data. LockBit typically targets enterprises and government entities, exploiting their vulnerabilities to coerce them into paying ransoms to restore normalcy.
Accenture, a prominent outsourcing and accounting firm, also faced a LockBit attack earlier this month. With revenues of $44.33 billion in 2020 and a global workforce of 569,000 employees spanning 50 countries, Accenture allegedly received a $50 million cryptocurrency ransom demand from the cybercriminals. The deadline was repeatedly extended until Accenture concluded that the stolen data held little significance.
In yet another high-profile incident, UK train operator Merseyrail fell victim to LockBit in April 2021. Although the trains kept running on schedule, the cybercriminals managed to compromise a company director's Office 365 account and used it to boast about their achievement by sending emails to employees and journalists.
File Hashes:
URLs:
Tactics, Techniques, and Procedures (TTPs):
On August 23, 2021, a Russian-language tech blog channel on YouTube called "Russian OSINT" published an interview with representatives of LockBit, unveiling crucial details about their operations. The LockBit 2.0 representative boasted about their ransomware's advanced technical features, which they said enable it to outperform competitors. Notable features include:
It is worth noting that LockBit refrains from targeting healthcare and educational institutions, social services, and charities, as they prioritize the development and safety of human beings.
Considering LockBit 2.0's capabilities, ongoing developments, and recruitment efforts, organizations must proactively prepare for future upgrades and heightened threats. Here are some recommendations to help prevent and mitigate the impact of LockBit attacks:
By adhering to these recommendations and best practices, organizations can fortify their defenses, mitigate the risk of LockBit attacks, and maintain robust data security and regulatory compliance. UltraViolet Cyber stands ready to support organizations in their security endeavors and safeguard their valuable assets.
LockBit 2.0 is a sophisticated and dangerous ransomware strain. It is an evolved version of the original LockBit ransomware, known for its highly targeted attacks on organizations and networks.
LockBit 2.0 employs advanced encryption techniques to lock victims' data and demand hefty ransoms for decryption keys. This ransomware is notorious for its rapid encryption speed, leading to widespread data encryption within minutes. It is often delivered through phishing emails or by exploiting vulnerabilities in systems. The threat actors behind LockBit 2.0 demand significant ransom payments, making it a severe cybersecurity concern for businesses and organizations worldwide.
LockBit 2.0 exemplifies the growing sophistication and danger of ransomware attacks. Its rapid encryption speed and targeting of large enterprises demonstrate a shift towards more lucrative targets. With anonymous operators using advanced techniques, LockBit 2.0 underscores the evolving nature of ransomware threats and the need for robust cybersecurity measures.
To protect against threats like LockBit 2.0, organizations should implement a multi-layered cybersecurity strategy. This includes regular data backups, robust endpoint security, network segmentation, employee training on phishing awareness, and timely software patching. Additionally, deploying advanced threat detection and response solutions is crucial for early detection and mitigation of ransomware attacks.