Ransomware Threats Like LockBit Looming Over American Businesses: Interpol

Interpol has released a report on the evolution of cybercrime during the COVID-19 pandemic. The report suggests that cybercriminals who used to target individuals and small businesses are now shifting towards governments, major corporations, and critical infrastructure.

The security impact of COVID-19 on Americas

Interpol’s report highlights the impact of the COVID-19 pandemic across the globe. Particularly across the Americas, a sharp increase has been observed in COVID-19 themed phishing and fraud campaigns.
  • An active LockBit ransomware campaign has been targeting medium-sized organizations using publicly available CrackMapExec penetration testing tool for its lateral movement within the targeted networks.
  • Several attackers are also targeting employees working from home while attempting to gain control over the corporate networks by exploiting remote access capabilities.

LockBit’s recent attack spree

Interpol specifically mentions LockBit ransomware campaigns in its report. First identified in September 2019, this ransomware has been targeting healthcare and critical services.
  • In May 2020, a LockBit ransomware affiliate had hacked into an unnamed corporate network, where it had targeted around 25 servers and 225 workstations within a few hours.

An affiliated service

LockBit operates as a Ransomware-as-a-Service (RaaS), where 'affiliates' can sign up with the developers, and then distribute the ransomware on a profit-sharing basis.
  • After any successful heist by the affiliate, the LockBit developers earn around 25-40% of ransom payment, while the affiliate takes hefty 60-75% share.
  • In May 2020, it was found that LockBit had partnered with Maze ransomware operators to form an extortion syndicate, in which they were sharing a common leak platform and other tactics.

Overall threat perspective

Interpol report named several other ransomware including CERBER, NetWalker, and Ryuk as potential threats to organizations. Besides the other top cyber threats during the COVID-19 pandemic, as identified by the report, the other threats include phishing scams and frauds, ransomware attacks, malicious domains, and fake news. Organizations must consider these threats while preparing their current and post-pandemic security strategies.