How does LockBit 2.0 work?
As the name suggests, LockBit 2.0 is reportedly an improved variant of the LockBit ransomware, which started operating in September 2019 as ransomware-as-a-service (RaaS) run by a group based in Russia. The group would recruit third parties to gain access to networks and encrypt devices.
LockBit 2.0 was announced in June 2021, after which the ransomware gang was involved in never-before-seen levels of activity, as reported by the Australian Cyber Security Centre. The new variant boasts more advanced features, such as automatically encrypting devices across domains using Active Directory group policies when it is executed on a domain controller; the group also claims that this can be done without the need for scripts.
By creating new group policies, the ransomware disables Microsoft Defender's real-time protection across all devices in a network. Once it has gained access and been executed using a UAC bypass, the ransomware can encrypt data silently in the background without any forewarning.
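The behaviour described above leaves a recognisable trail: a new Group Policy object appears on a domain controller, and shortly afterwards Defender real-time protection switches off on many machines at once. The sketch below is an added example, not code from the original article or from any vendor tool; it correlates Security event 5137 (directory service object created) with Defender Operational event 5001 (real-time protection disabled). The record layout, host names and account name are constructed for illustration and assume the fields have already been extracted from the event logs.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry): fields already pulled out of
# the Security log (5137) and the Defender Operational log (5001).
SAMPLE_EVENTS = [
    {"time": "2021-08-02T01:10:00", "host": "DC01", "id": 5137,
     "object_class": "groupPolicyContainer", "user": "CORP\\svc-backup"},
    {"time": "2021-08-02T01:14:00", "host": "WS-014", "id": 5001},
    {"time": "2021-08-02T01:15:30", "host": "WS-027", "id": 5001},
    {"time": "2021-08-02T01:16:10", "host": "FS-02", "id": 5001},
    {"time": "2021-08-02T09:00:00", "host": "WS-101", "id": 5001},  # hours later
]

GPO_CREATED = 5137        # "A directory service object was created"
DEFENDER_RTP_OFF = 5001   # "Real-time protection is disabled"


def correlate(events, window_minutes=120, min_hosts=3):
    """Return one alert per new GPO that is followed by Defender real-time
    protection being disabled on at least min_hosts distinct machines.
    The 120-minute default covers the standard Group Policy refresh
    interval (90 minutes plus a random offset of up to 30)."""
    parsed = sorted(
        ({**e, "ts": datetime.fromisoformat(e["time"])} for e in events),
        key=lambda e: e["ts"],
    )
    alerts = []
    for gpo in parsed:
        if gpo["id"] != GPO_CREATED or gpo.get("object_class") != "groupPolicyContainer":
            continue
        deadline = gpo["ts"] + timedelta(minutes=window_minutes)
        hosts = sorted({
            e["host"] for e in parsed
            if e["id"] == DEFENDER_RTP_OFF and gpo["ts"] <= e["ts"] <= deadline
        })
        if len(hosts) >= min_hosts:
            alerts.append({"gpo_created_on": gpo["host"], "by": gpo.get("user"),
                           "at": gpo["time"], "hosts_without_rtp": hosts})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Event 5137 is only logged when the "Audit Directory Service Changes" policy is enabled on domain controllers, so the correlation depends on that audit setting being in place.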
Why not to worry about it?
Ransomware such as LockBit 2.0 can be removed by recovering files from a previous backup or restore point; however, this process may not restore already compromised data.
Managed Service Providers use various tools and take proactive action to prevent ransomware from infecting computer devices. Management tools such as N-Central by N-able monitor all devices across a network and have their own integrated EDR and automatic rollback methods. In the meantime, premium anti-virus programs such as SentinelOne can help prevent these types of attacks against businesses.
Nonetheless, if you're infected, you are advised never to pay the ransom, as the FBI and other intelligence organisations recommend, since paying would only encourage cybercriminals to launch additional attacks against you or other potential targets.
Another way of getting rid of ransomware such as LockBit 2.0 is to use free decryptor software available online; however, such decryptors are not always reliable and may not work against LockBit 2.0 at present.
The best course of action to thwart such attacks is to stay watchful and keep educating yourself about emerging ransomware attacks.