LOCKBIT RANSOMWARE

Disclaimer: Copyright infringement not intended.

Context

• LockBit ransomware was found to be targeting Mac devices, in a first. 

What is LockBit ransomware?

• First reported in September 2019 and dubbed the “abcd” virus, due to the file extension used when encrypting victim’s files, the LockBit ransomware is designed to infiltrate victims’ systems and encrypt important files.
• The virus is categorised as a “crypto virus” due to its requests for payment in cryptocurrency to decrypt the files on the victim’s device.
• The ransomware is therefore typically deployed against victims who feel hindered enough by the disruption to pay heavy sums in exchange for access and can afford to do so.
• In the past, LockBit ransomware has been used to target enterprises and organisations in the U.S., China, India, Ukraine, and Indonesia. Attacks have also been recorded throughout Europe, including in France, Germany, and the U.K.

How does LockBit ransomware work?

• It works as a self-spreading malware, not requiring additional instructions once it has successfully infiltrated a single device with access to an organizational intranet. It is also known to hide executable encryption files by disguising them in the .PNG format, thereby avoiding detection by system defences.
• Attackers use phishing tactics and other social engineering methods to impersonate trusted personnel or authorities to lure victims into sharing credentials.
• Sometimes, the ransomware has also used brute force to gain access to the intranet server and network of an organization.
• Once it has gained access, the ransomware prepares the system to release its encryption payload across as many devices as possible.
• It then disables security programs and other infrastructures that could permit system data recovery. The goal is to ensure that data recovery without assistance from the LockBit gang is impossible.

https://www.thehindu.com/sci-tech/technology/explained-lockbit-ransomware-and-why-its-targeting-macos/article66766214.ece