LockBit ransomware expands malicious activities

by admin

Kaspersky experts warn about LockBit ransomware, highlighting the group's determination to expand both the reach and the impact of its malicious activities. One of the most prolific ransomware groups in the world, LockBit recently upgraded its operations with improved cross-platform capabilities. It has also gained prominence for relentlessly targeting businesses around the world, leaving operational and financial damage in its wake.

An Evolving Threat: LockBit Ransomware

Initially, LockBit did not use leak portals, double extortion tactics or data exfiltration before encrypting the victim’s data. However, the group has been constantly developing its infrastructure and security measures to protect its assets from various threats, such as admin panel attacks and DDoS (Distributed Denial of Service) attacks.

Expanded attack vectors

The cybersecurity community has detected that LockBit is adopting code from other well-known ransomware groups, such as BlackMatter and DarkSide. This strategic choice not only simplifies operations for potential affiliates but also broadens the range of attack vectors used by LockBit. Recent findings from Kaspersky’s Threat Attribution Engine (KTAE) have confirmed that LockBit has integrated around 25% of the code previously used by the now defunct Conti ransomware group, resulting in a new variant known as LockBit Green.

The LockBit ransomware

Kaspersky researchers have discovered a ZIP file containing LockBit samples specifically adapted for different architectures, including Apple M1, ARM v6, ARM v7, FreeBSD and many others. Through extensive analysis and the use of the KTAE, it was confirmed that these samples were created from the previously observed version of LockBit Linux/ESXi. While some samples, such as the macOS variant, require further configuration and are not properly signed, it is evident that LockBit is actively testing its ransomware on various platforms, which indicates an imminent expansion of attacks. It also underlines the need to adopt robust security measures on all platforms and to raise awareness among the business community.

It is necessary to strengthen the defenses

Marc Rivero, Senior Security Researcher at Kaspersky’s Global Research and Analysis Team:
LockBit is an extremely active ransomware group, notorious for its devastating cyber attacks on businesses around the world. With constant infrastructure improvements and the integration of code from other ransomware gangs, LockBit poses a major, constantly evolving threat to organizations across multiple industries. It is imperative that companies strengthen their defenses, constantly update security systems, educate employees on security best practices, and establish incident response protocols to effectively mitigate the risks posed by LockBit and other similar ransomware groups.

Protect yourself from ransomware attacks

To stay safe, Kaspersky recommends:

Always update the software on all devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.

Focus your defense strategy on detecting lateral movement and data leaks to the internet. Pay attention to outgoing traffic to detect possible cybercriminal connections to your network.

Set up offline backups that cannot be compromised by cybercriminals and that can be accessed quickly in case of need or emergency.

Activate ransomware protection on all endpoints. Kaspersky Anti-Ransomware Tool for Business is available free of charge and allows you to protect computers and servers from ransomware and other types of malware. It also prevents exploits and is compatible with already installed security solutions.

Install anti-APT and EDR solutions for advanced threat detection, analysis and remediation in the event of an incident. Give your SOC team access to the latest threat intelligence and regularly update their skills with professional training. All of this is offered by the Kaspersky Expert Security framework.

Provide the SOC team with access to the latest threat intelligence. Kaspersky Threat Intelligence Portal is a single entry point to Kaspersky threat intelligence, providing data and insights into cyber attacks our team has detected over the past 20 years. To help businesses build effective defenses, Kaspersky has announced that it is offering free access to independent, up-to-date, worldwide information on cyber-attacks and threats.
