
The malware has a variety of tactics and tools and has been active in several countries around the world.

Research carried out by Trend Micro, a global cybersecurity solutions company, reveals the techniques, procedures and damage caused by the malicious software LockBit, considered one of the most active ransomware families today. Because LockBit combines strong malware capabilities with a robust affiliate program, organizations need to be vigilant to detect potential risks and defend against this dangerous threat.

LockBit first appeared as the “ABCD” malware in September 2019 and has since been developed into a Ransomware-as-a-Service (RaaS) operation, a business model that involves selling or renting ransomware, with the profits going to the team of developers and their affiliates.

According to Rodrigo Garcia, Commercial Director at Trend Micro, the malware's infection chains show a variety of tactics and tools. “Affiliates often buy access to targets from another threat actor, who typically obtains it through phishing, exploiting vulnerable applications or desktop protocol accounts remotely. By knowing their techniques, organizations can strengthen their defenses to prevent current and future attacks.”

LockBit is also known for hiring network access brokers, cooperating with other criminal groups (such as the now defunct Maze), and recruiting company insiders and talented hackers. With these strategies, the group has become one of the most organized cybercriminal gangs in the world.

What do organizations need to know about LockBit?

Their method is double extortion, which puts more pressure on victims. One of their tactics was the creation and use of the StealBit malware, which automated data exfiltration, promoting faster and more efficient encryption, giving rise to LockBit 2.0.

According to data from the Trend Micro™ Smart Protection Network™ platform, LockBit has been detected worldwide. The United States leads the ranking of attacks with 2,915 records from July 1, 2021 to January 20, 2022, followed by India and Brazil. The health sector was the hardest hit in the period, with education and technology also being priority targets.

Experts believe that LockBit will increase its activity level in the coming months. “Organizations must keep abreast of the latest changes that may influence the security measures to be adopted. To help defend systems against threats, organizations need to establish cybersecurity frameworks that can systematically allocate resources, establishing a solid defense against ransomware,” explains Rodrigo Garcia.

To reduce exposure to this threat, it is important to maintain certain practices in the organization, such as identifying devices and software, granting administrative privileges only when necessary, and enabling security settings on network infrastructure devices. It is also important to maintain protection measures such as backups and auditing of event or incident logs, and to keep software, security solutions and applications up to date.

Trend Micro recommends a multi-layered approach to protecting potential system entry points (endpoint, email, web and network) through the use of security solutions that can detect malicious components and suspicious behavior.

To read Trend Micro's in-depth research on LockBit, click here.
