
Interpol has issued a warning regarding a LockBit ransomware campaign actively targeting American medium-sized companies.

LockBit is a human-operated Ransomware-as-a-Service (RaaS) operation where the developers make the ransomware available to customers called affiliates who can sign up and distribute the ransomware.

The developers handle the payment and receive around 25-40% of the ransom payment, while the affiliate receives about 60-75% of the ransom.

The ransomware was first observed in 2019 while targeting healthcare organisations and critical services.

Image: LockBit (Source: Bleeping Computer)

Interpol's Cybercrime Directorate has now published a combined analysis report on an active campaign targeting medium-sized companies in some countries. The report includes data from 48 Interpol countries, 4 private partners, Interpol's Cybercrime Threat Response (CTR) unit and Cyber Fusion Centre (CFC).

According to Bleeping Computer, the LockBit ransomware is capable of breaching a corporate network and encrypting hundreds of devices in just a few hours.

According to McAfee's analysis, after executing and encrypting the files on a device, the ransomware also performs ARP requests to find other active devices on the network and attempts to connect to them through SMB.

If the connection succeeds, it executes a remote PowerShell command to download the LockBit ransomware and execute it.

Image: Command to download and execute the LockBit ransomware

Each newly infected computer then helps spread the ransomware to other computers. This is how the ransomware can breach a network and infect hundreds of devices in just a few hours.
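On the network, the ARP discovery followed by SMB connection attempts described above shows up as one host opening SMB sessions to many internal peers within a short time. The following detection sketch is an added example, not taken from the article or from McAfee's analysis; the log format, the 60-second window, the threshold of 5 peers and all flow records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed flow records (not real data): "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2020-04-10T09:00:00 10.0.0.9 10.0.0.2 445
2020-04-10T09:00:05 10.0.0.9 10.0.0.2 445
2020-04-10T09:10:00 10.0.0.5 10.0.0.20 445
2020-04-10T09:10:02 10.0.0.5 10.0.0.21 445
2020-04-10T09:10:03 10.0.0.5 10.0.0.22 445
2020-04-10T09:10:03 10.0.0.5 203.0.113.10 443
2020-04-10T09:10:05 10.0.0.5 10.0.0.23 445
2020-04-10T09:10:08 10.0.0.5 10.0.0.24 445
2020-04-10T09:30:00 10.0.0.7 10.0.0.30 445
2020-04-10T10:30:00 10.0.0.7 10.0.0.31 445
2020-04-10T11:30:00 10.0.0.7 10.0.0.32 445
2020-04-10T12:30:00 10.0.0.7 10.0.0.33 445
2020-04-10T13:30:00 10.0.0.7 10.0.0.34 445
"""

def smb_fanout(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source host to the time it first reached `threshold`
    distinct internal peers on TCP/445 within `window`.
    Assumes records arrive in time order."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still in window
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "445":
            continue  # malformed record or not SMB
        ts, src, dst, _ = parts
        try:
            now = datetime.fromisoformat(ts)
            internal = ip_address(dst).is_private
        except ValueError:
            continue  # unparseable timestamp or address
        if not internal:
            continue
        q = recent[src]
        q.append((now, dst))
        while now - q[0][0] > window:
            q.popleft()  # expire contacts older than the window
        if src not in alerts and len({d for _, d in q}) >= threshold:
            alerts[src] = now
    return alerts

if __name__ == "__main__":
    for host, when in smb_fanout(SAMPLE_FLOWS.splitlines()).items():
        print(f"{when.isoformat()} SMB fan-out from {host}")
```

In the sample, only 10.0.0.5 is flagged: the client that repeatedly talks to a single file server and the host that reaches five peers over several hours stay below the threshold.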

"In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months,"

"This implies that there may still be organizations that have been infected but where the ransomware has not yet been activated," the Interpol report said.

The report also mentioned that ransomware threat actors are targeting European healthcare organizations and critical infrastructure.

Always follow these basic instructions to protect yourself from any ransomware attack:

  • Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain updated antivirus software on all systems.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization’s website directly through the browser.
  • Keep the operating system and third-party applications (MS Office, Flash Player, browsers, browser plugins) up to date with the latest patches.
  • Use strong passwords for all your devices and accounts, and enable two-factor authentication.
