Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for the decryption key that restores access to the data. Payment may be accepted in Bitcoin or through other methods such as gift cards or Western Union; however, Bitcoin is usually the most popular method because of the anonymity the cryptocurrency blockchain provides. Currently, LockBit 2.0 is one such threat to organizations in Australia.
LockBit 2.0 is an emerging ransomware threat that is currently infecting thousands of organizations worldwide, including a number of organizations in Australia. Although it is not yet as effective as some of the more infamous ransomware attacks such as WannaCry and the more recent RYUK 2020, it has the potential to improve its methods and effectiveness as the attackers keep infecting more computers.
How does LockBit 2.0 work?
As the name suggests, LockBit 2.0 is reportedly an improved variant of the LockBit ransomware, which began operating in September 2019 as ransomware-as-a-service (RaaS) run by a group based in Russia. The group recruits third parties to gain access to networks and encrypt devices.
LockBit 2.0 was announced in June 2021, after which the ransomware gang engaged in never-before-seen levels of activity, as reported by the Australian Cyber Security Centre. The new variant boasts more advanced features, such as automatic device encryption across a domain via Active Directory group policies when it is executed on a domain controller; the group also claims this can be done without the need for scripts.
By creating new group policies, the ransomware disables Microsoft Defender’s real-time protection on every device in the network. Once it has gained access and has been executed using a UAC bypass, the ransomware encrypts data silently in the background without any forewarning.
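Registry-based Group Policy settings of the kind described above are stored in a Registry.pol file under the domain's SYSVOL share, so auditing those files is one way to catch a policy that switches Defender off. The following Python example is added here (it is not code from the original article or from any vendor): it parses the Registry.pol format and flags entries that set the Windows Defender DisableRealtimeMonitoring or DisableAntiSpyware policy values to 1; the sample policy blob is constructed inline for illustration.

```python
import struct

REG_DWORD = 4
# Defender policy values that switch protection off when set to 1 (real policy paths, compared case-insensitively)
DEFENDER_KILL_SWITCHES = {
    ("software\\policies\\microsoft\\windows defender\\real-time protection", "disablerealtimemonitoring"),
    ("software\\policies\\microsoft\\windows defender", "disableantispyware"),
}
def u16(s: str) -> bytes:
    return s.encode("utf-16-le")
def parse_registry_pol(data: bytes):
    """Parse a PReg v1 Registry.pol: 'PReg' + version, then [key;value;type;size;data] entries in UTF-16LE."""
    if data[:4] != b"PReg" or struct.unpack_from("<I", data, 4)[0] != 1:
        raise ValueError("not a PReg version 1 Registry.pol")
    pos, entries = 8, []
    def read_sz():  # NUL-terminated UTF-16LE string; the terminator sits on a 2-byte boundary from pos
        nonlocal pos
        end = next(i for i in range(pos, len(data), 2) if data[i:i + 2] == b"\x00\x00")
        s, pos = data[pos:end].decode("utf-16-le"), end + 2
        return s
    def expect(ch):  # consume one delimiter character: '[', ';' or ']'
        nonlocal pos
        if data[pos:pos + 2] != u16(ch):
            raise ValueError(f"expected {ch!r} at offset {pos}")
        pos += 2
    while pos < len(data):
        expect("["); key = read_sz(); expect(";"); value = read_sz(); expect(";")
        rtype, = struct.unpack_from("<I", data, pos); pos += 4; expect(";")
        size, = struct.unpack_from("<I", data, pos); pos += 4; expect(";")
        raw = data[pos:pos + size]; pos += size; expect("]")
        entries.append((key, value, rtype, raw))
    return entries
def defender_disabled_by_policy(data: bytes):
    """Return the (key, value) pairs in a Registry.pol that turn Windows Defender protection off."""
    return [(k, v) for k, v, t, raw in parse_registry_pol(data)
            if (k.lower(), v.lower()) in DEFENDER_KILL_SWITCHES and t == REG_DWORD
            and struct.unpack("<I", raw)[0] == 1]
def build_registry_pol(entries):  # serialise (key, value, type, data) tuples; used only to construct the sample
    out = b"PReg" + struct.pack("<I", 1)
    for key, value, rtype, raw in entries:
        out += u16("[") + u16(key + "\0") + u16(";") + u16(value + "\0") + u16(";")
        out += struct.pack("<I", rtype) + u16(";") + struct.pack("<I", len(raw)) + u16(";") + raw + u16("]")
    return out
# Constructed sample: one harmless setting plus the two Defender kill switches a hostile GPO would set
SAMPLE_POL = build_registry_pol([
    ("Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", "NoAutoUpdate", REG_DWORD, struct.pack("<I", 0)),
    ("Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", "DisableRealtimeMonitoring", REG_DWORD, struct.pack("<I", 1)),
    ("Software\\Policies\\Microsoft\\Windows Defender", "DisableAntiSpyware", REG_DWORD, struct.pack("<I", 1)),
])
```

Run against every `Machine\Registry.pol` under SYSVOL, a hit in a policy that no administrator created is worth treating as an incident rather than a misconfiguration.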
Why you should not panic
Ransomware such as LockBit 2.0 can be dealt with by recovering files from a previous backup or restore point; however, this process may not restore data that has already been compromised.
Managed Service Providers use various tools and take proactive action to prevent ransomware from infecting devices. Management tools such as N-central by N-able monitor all devices across a network and include integrated EDR and automatic rollback capabilities. In addition, premium anti-virus products such as SentinelOne can help prevent these types of attacks against businesses.
Nonetheless, if you are infected, never pay the ransom, as advised by the FBI and other law enforcement and intelligence agencies: paying only encourages cybercriminals to launch additional attacks against you or other potential targets.
Another way of removing ransomware such as LockBit 2.0 is to use a free decryptor available online; however, such decryptors are not always reliable and may not work against LockBit 2.0 at present.
The best course of action to thwart such attacks is to remain watchful and to keep educating yourself about emerging ransomware threats.