Últimas notícias

Fique informado

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets

8 de julho de 2022


Nuvens Tempestuosas: Navegando pelo Panorama Complexo da Cibersegurança na Nuvem

Enquanto as organizações migram cada vez mais dados e serviços para a nuvem, a complexidade e a magnitude das ameaças cibernéticas também crescem.

15 de maio de 2024

Cancelamento de hipotecas – Assinatura avançada versus qualificada – Parte II

Essa segunda parte discute os padrões e requisitos para o processamento eletrônico de documentos no registro de imóveis no Brasil.

15 de maio de 2024

Cancelamento de hipotecas – Assinatura avançada versus qualificada – Parte I

Questão das assinaturas eletrônicas no Registro de Imóveis é incerta, mesclando aspectos tecnológicos e jurídicos.

14 de maio de 2024

Por que é tão complexo se proteger de ataques cibernéticos? Por Rodrigo Fragola

“A meta agora não é alcançar segurança absoluta, mas sim segurança relativa no mercado em que se atua.” Fragola

13 de maio de 2024

Edmar Araujo, o novo diretor-executivo da ANCD concede sua 1ª entrevista ao Crypto ID

Edmar Araujo diretor-executivo da Associação Nacional de Certificação Digital e fala com exclusividade ao Crypto ID.

13 de maio de 2024

Confira 7 dicas para a redução do uso de papel nas empresas

São sete dicas essenciais para ajudar as empresas a reduzirem o uso de papel e promoverem práticas mais sustentáveis.

9 de maio de 2024

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions.

The affiliates that use LockBit’s services conduct their attacks according to their preference and use different tools and techniques to achieve their goal“, Cybereason security analysts Loïc Castel and Gal Romano said. “As the attack progresses further along the kill chain, the activities from different cases tend to converge to similar activities“.

LockBit, which operates on a ransomware-as-a-service (RaaS) model like most groups, was first observed in September 2019 and has since emerged as the most dominant ransomware strain this year, surpassing other well-known groups like ContiHive, and BlackCat.

This involves the malware authors licensing access to affiliates, who execute the attacks in exchange for using their tools and infrastructure and earn as much as 80% of each successful ransom payment received from the victims.

LockBit also utilizes the popular technique of double extortion to exfiltrate vast amounts of data prior to encrypting the assets of the target, netting the cybercriminal syndicate no fewer than 850 victims on its data leak site as of May 2022.

According to a leak site data analysis by Palo Alto Networks Unit 42, LockBit accounted for 46% of all ransomware-related breach events for the first quarter of 2022. In June alone, the group has been tied to 44 attacks, making it the most active ransomware strain.

LockBit ransomware attacks are known to employ several avenues for initial infection: Exploiting publicly-exposed RDP ports, relying on phishing emails to download malicious payloads, or leveraging unpatched server flaws that allow the affiliates to gain remote access to the targeted network.

Following this step are reconnaissance and credential theft activities, which enable the actors to move laterally across the network, establish persistence, escalate privileges, and launch the ransomware. This is also accompanied by running commands to delete backups and subvert detection by firewalls and antivirus software.

In the three years since LockBit appeared on the scene, the RaaS scheme has received two notable upgrades, with the threat actors debuting LockBit 2.0 in June 2021 and launching the third installment of the service, LockBit 3.0, last month with support for Zcash cryptocurrency payment options and a bug bounty program — the first for a ransomware group.

The initiative claims to offer rewards of up to $1 million for finding security blind spots in its website and locker software, submitting brilliant ideas, doxing the head of the gang’s affiliate program, or identifying ways that could expose the IP of the server hosting the website on the TOR network.

The bug bounty program is yet another sign that hacker groups are increasingly functioning as legitimate IT enterprises, incorporating HR departments, regular feature releases, and even bonuses for solving challenging problems.

However, indications are that LockBit 3.0, also called LockBit Black, is inspired by another ransomware family known as BlackMatter, a rebranded version of DarkSide that shuttered in November 2021.

Large portions of the code are ripped straight from BlackMatter/Darkside,” Emsisoft researcher Fabian Wosar said in a tweet earlier this week. “Guess it is clear that LockBit got their dirty hands on another group’s code.”

Source: The Hacker News


Crypto ID publishes international articles about information security, digital transformation, cyber security, encryption and related topics.

Please check here!


Crypto ID publica artículos internacionales sobre seguridad de la información, transformación digital, ciberseguridad, encriptación y temas relacionados.

¡Por favor, compruébalo aquí!

Você quer acompanhar nosso conteúdo? Então siga nossa página no LinkedIn!