The Australian Cyber Security Centre (ACSC) issued an alert warning of increasing attacks on Australian organizations by LockBit 2.0 ransomware. Recently, the group was found recruiting corporate insiders to enable them to infect and pilfer from corporate networks.

About the warning

The gang has successfully deployed malware on systems in the construction, retail, food, manufacturing, and professional services sectors. A large number of victims reported the incidents after July, implying a sharp increase in the number of victims in that month. The actors have pilfered data from victims who refused to pay the ransom. ACSC has also released a ransomware profile with details on the threat actor.

Why it matters

The LockBit ransomware gang uses the double extortion technique, which was made popular last year. The cybersecurity agency has also observed the gang abusing flaws in Fortinet FortiOS and FortiProxy products. The ACSC has warned that the group is extremely dynamic and can target any industry. In addition, the group has advertised partnership opportunities for attackers who have remote access to RDP and VPN solutions.

About LockBit

  • The threat actor launched operations in September 2019 and essentially works as a ransomware-as-a-service (RaaS) operation.
  • In June, LockBit 2.0 was released, which features redesigned Tor sites and automatic encryption of devices across Windows domains.
  • The ACSC has provided mitigations regarding the TTPs used by the threat actor.

The bottom line

LockBit has become quite an infamous name in the cybersecurity landscape. Therefore, implement MFA on all accounts, encrypt confidential data, and patch your systems to stay safe.

Cyware Publisher