Comment: LockBit Ransomware Self-spreads To Quickly Encrypt 225 Systems

By   ISBuzz Team
Writer , Information Security Buzz | May 06, 2020 11:47 am PST

Bleeping Computer is reporting that a feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours. Started in September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS) where the developers are in charge of the payment site and development and ‘affiliates’ sign up to distribute the ransomware. As part of this setup, the LockBit developers earn a percentage of the ransom payments, typically around 25-40%, while the affiliates receive a more significant share at about 60-75%.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
May 6, 2020 7:59 pm

Often, during times when there are cases of ransomware, it\’s due to a successful social engineering phishing attack. In this instance, it was due to a brute force attack against a VPN configuration to the administrator’s password. Namely, the criminal group was able to sit at the front door of the building and spend several days picking the lock without being noticed.

Organisations want to establish robust procedures for administrative VPN access into their network with either multi-factor authentication or a solid password of 30 characters or more to reduce the risk of a brute force attack. Additionally, it\’s essential to fortify that front door by having all external, internet-facing software up to date to avoid possible exploitation, providing the criminal groups with an easy way into the network.

Last edited 3 years ago by James McQuiggan

Recent Posts

Would love your thoughts, please comment.x