Threat actors are riding high on the recently launched LockBit 2.0 ransomware, which promises millions of dollars in return. The sophisticated 2.0 version uses various state-of-the-art techniques to carry out ransomware intrusions against targets including, but not limited to, the IT and banking sectors.

What’s the latest update?

  • According to the latest Trend Micro telemetry, researchers detected multiple LockBit 2.0 attack attempts in Chile, Italy, Taiwan, and the U.K.
  • These attacks were active between July 1 and August 15.
  • Apart from these attacks, the ransomware variant also made headlines with a massive attack against a giant professional services firm, which was asked to pay a ransom of nearly $50 million.

A glance at LockBit 2.0 strategy

  • In an attempt to expand its attack scope, the LockBit 2.0 ransomware group is hiring corporate insiders to infiltrate and encrypt corporate networks.
  • The gang places its offer to corporate insiders in the Windows wallpaper saved on encrypted devices.
  • The advertisement claims to offer millions of dollars to insiders having access to internal accounts.

Other unique strategies adopted

  • The threat actors linked to LockBit 2.0 are also using the Ransomware-as-a-Service (RaaS) model to sell the ransomware according to their affiliates’ needs. Additionally, they offer various panels and attack statistics to give their affiliates victim management capabilities.
  • One of the tactics involves StealBit, which can be used to exfiltrate data.
  • Other tools used include Metasploit Framework and Cobalt Strike.
  • LockBit 2.0 also abuses legitimate tools such as Process Hacker and PC Hunter to terminate processes and services on the victim system.

Worth noting

  • LockBit, previously known as ABCD ransomware, was a partner in crime with Maze ransomware.
  • After Maze’s shutdown, however, the group went on with its own leak site, which led to the formation of LockBit in September 2019.
  • Two years later, version 2.0 emerged, sharing similarities with Ryuk and Egregor ransomware.

Final words

LockBit 2.0 is especially tricky because of its fast encryption. Given the expanding nature of the ransomware, researchers assume that the LockBit group will continue to create chaos for a long time and that the ransomware will become more capable of infecting many companies and industries. While further developments in LockBit 2.0 are expected, the current version is likely to cause significant damage to its victims, be it financial or reputational.

Cyware Publisher