LockBit Ransomware

  • 08 May 2024

Why is it in the News?

The U.S. Department of Justice has indicted Russian national Dimitry Yuryevich Khoroshev, 31, and announced a $10 million reward for any information leading to his apprehension.

What is LockBit Ransomware?

  • LockBit is a type of ransomware that encrypts a victim's files and demands a financial payment in return for decryption.
  • It mainly targets businesses and government agencies rather than consumers.
  • Its preferred targets are institutions that would be severely hampered by the disruption and have sufficient means to pay a large ransom.
  • It is developed and operated by a cybercriminal group known as LockBit, which offers ransomware-as-a-service (RaaS) to other malicious actors.
  • Formerly known as ABCD ransomware, it has evolved into a distinct threat within the spectrum of extortion tools.
    • It carries out its attacks mainly via email attachments.
  • Attacks using LockBit ransomware can be traced back to September 2019, when it earned its first nickname, “abcd virus.”
    • The nickname was derived from the filename used when encrypting a victim’s data.
  • The group is considered one of the most prolific and aggressive operators in the ransomware ecosystem, and its actions are raising concern among security professionals worldwide.

How Does LockBit Ransomware Operate?

  • Exploitation: LockBit ransomware breaches systems through social engineering tactics like phishing or brute force attacks on intranet servers.
    • Initial breach probes may take only a few days.
  • Infiltration: Once inside a network, LockBit uses post-exploitation techniques to escalate privileges and move laterally to assess targets.
    • It disables security programs and the infrastructure needed for recovery, making independent recovery difficult.
  • Deployment: LockBit spreads across the network, encrypting system files and leaving ransom notes in each folder.
    • Payment of the ransom is often seen as the only viable option for victims to regain access to their systems.

How Does LockBit Ransomware Spread?

  • LockBit typically spreads via phishing emails with malicious attachments or through drive-by downloading from infected websites.
  • It uses built-in Windows tools such as Windows PowerShell and Server Message Block (SMB), making it harder for endpoint security systems to detect.
  • It also disguises its encryption executable as an ordinary PNG image file, further evading system defenses.
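
A defender-side check for two of the behaviours described above, the executable disguised as a PNG and the ransom note dropped into every folder, added here as an example and not code from the original article or from LockBit itself. It verifies file content against the claimed extension using the PNG and PE (“MZ”) magic bytes and counts how many directories share the same text filename; the sample directory tree, the note name `RESTORE-FILES.txt` and the threshold of three directories are constructed assumptions.

```python
import os
import tempfile
from collections import Counter

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # every genuine PNG file starts with this signature
PE_MAGIC = b"MZ"                   # Windows executables (EXE/DLL) start with "MZ"

def is_masquerading_png(path: str) -> bool:
    """True if the file is named like a PNG but its content is a PE executable."""
    if not path.lower().endswith(".png"):
        return False
    with open(path, "rb") as f:
        head = f.read(8)
    return head.startswith(PE_MAGIC) and not head.startswith(PNG_MAGIC)

def find_masquerading_pngs(root: str) -> list:
    """Walk a tree and return relative paths of .png files carrying a PE header."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if is_masquerading_png(p):
                hits.append(os.path.relpath(p, root).replace(os.sep, "/"))
    return sorted(hits)

def find_replicated_notes(root: str, min_dirs: int = 3) -> dict:
    """Map filename -> number of directories it appears in, for .txt files present
    in at least min_dirs directories (a ransom note is left in every folder)."""
    counts = Counter()
    for dirpath, _, files in os.walk(root):
        for name in set(files):
            if name.lower().endswith(".txt"):
                counts[name] += 1
    return {n: c for n, c in counts.items() if c >= min_dirs}

def build_sample_tree() -> str:
    """Construct a throwaway tree that mimics the described post-encryption state."""
    root = tempfile.mkdtemp()
    for sub in ("docs", "docs/hr", "finance", "finance/2023"):
        d = os.path.join(root, sub)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "RESTORE-FILES.txt"), "w") as f:  # constructed note
            f.write("your files are encrypted\n")
    with open(os.path.join(root, "docs", "logo.png"), "wb") as f:   # genuine PNG header
        f.write(PNG_MAGIC + b"\x00" * 16)
    with open(os.path.join(root, "finance", "invoice.png"), "wb") as f:  # PE hidden as PNG
        f.write(PE_MAGIC + b"\x90\x00\x03\x00" + b"\x00" * 16)
    return root
```

Running `find_masquerading_pngs` and `find_replicated_notes` over `build_sample_tree()` flags only `finance/invoice.png` and reports the note name seen in four directories.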

Takes Ransom in Bitcoin:

  • LockBit operators use the ransomware to infiltrate systems and hold them hostage.
  • They demand payment to unlock the computers they’ve compromised and often threaten to leak stolen data to pressure victims to pay.
  • The group typically demands ransom payments in Bitcoin.