The Proliferation of LockBit 2.0 Attacks

What’s the latest update?

• According to the latest telemetry by Trend Micro, researchers revealed that they had detected multiple LockBit 2.0 attack attempts in Chile, Italy, Taiwan, and the U.K.
• These attacks were active between July 1 and August 15.
• Apart from these attacks, the ransomware variant also made the headlines with a massive attack against a giant professional service firm that was asked to pay a ransom of nearly $50 million in ransom.

A glance at LockBit 2.0 strategy

• In an attempt to expand its attack scope, LockBit 2.0 ransomware group is hiring corporate insiders to infiltrate and encrypt corporate networks.
• The gang is using Windows wallpaper saved on encrypted devices to place the offer for corporate insiders.
• The advertisement claims to offer millions of dollars to insiders having access to internal accounts.

Other unique strategies adopted

• The threat actors linked to LockBit 2.0 are also using the RaaS model to sell the ransomware as per their affiliates’ needs. Additionally, they offer various panels and attack statistics to provide victim management capabilities to their affiliates.
• One of the tactics involves StealBit that can be used to exfiltrate data.
• Among other tools used include Metasploit Framework and Cobalt Strike.
• LockBit 2.0 also abuses legitimate tools such as Process Hacker and PC Hunter to terminate processes and services in the victim system.

Worth noting

• LockBit, previously known as ABCD ransomware, was a partner in crime with Maze ransomware.
• But after Maze’s shutdown, the group went on with its own leak site, which led to the formation of LockBit in September 2019.
• Two years later, version 2.0 emerged that shares similarities with Ryuk and Egregor ransomware.

Final words