Go to listing page

Cybercriminals Impersonate LockBit to Target SMBs in Northern Europe

Cybercriminals Impersonate LockBit to Target SMBs in Northern Europe
Over the past few months, the LockBit gang has skyrocketed in fame within the underground criminal community. With the recent bust of the Hive infrastructure and the downfall of other notorious gangs like Conti, the cybercrime industry is seeing an opening for up-and-comers like LockBit.

The leaked LockBit locker is becoming a popular choice among small-time cybercriminals. And recent cases of LockBit locker-based extortion against small and medium businesses (SMBs) in Northern Europe show that local criminal gangs are jumping on the LockBit bandwagon.

Diving into details

Computerland in Belgium reported a recent attack on SMBs in the country, initially believed to be carried out by the LockBit Locker group using a variant of its malware. 
  • Further investigation showed that the attackers were not connected to the real LockBit group, but rather impersonators using a leaked version of the malware.
  • Though not the genuine LockBit group, these small-scale criminals caused significant harm by encrypting numerous internal files.
  • However, the company was able to recover its network through backups and client workstations remained unaffected during the intrusion.

Why this matters

The incident highlights the threat of outdated software and systems, as extortion practices become increasingly popular even among less sophisticated criminals.
  • In this case, the attackers took advantage of unpatched vulnerabilities in the FortiGate firewall. 
  • There are multiple vulnerabilities in unpatched FortiGate firewalls that are currently being exploited by cybercriminals, according to the CISA's Known Exploited Vulnerabilities Catalog. The exploited flaws, in this case, were the infamous "Fortifuck'' flaws from 2018.
  • These flaws were exploited via exposure through the company's branch internet gateway, which is often less secure than the main network and provides an easier point of entry for attackers.

The bottom line

In conclusion, patching vulnerabilities is one of the foremost and most significant actions that organizations and individuals can take to mitigate cyberattacks. And talking about LockBit impersonators, while their attacks are not as effective as the actual gang’s, the targeted industries suffer crucial data exfiltration and outages.
Cyware Publisher