Bleeping Computer is reporting that a feature of the LockBit ransomware allows threat actors who have breached a corporate network to deploy their ransomware and encrypt hundreds of devices in just a few hours. Launched in September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS): the developers run the payment site and maintain the malware, while 'affiliates' sign up to distribute it. Under this arrangement the LockBit developers keep a share of each ransom payment, typically around 25-40%, and the affiliates receive the larger share, about 60-75%.
Ransomware incidents are often the result of a successful social-engineering phishing attack. In this case, however, the entry point was a brute-force attack against the VPN that eventually guessed the administrator's password. In other words, the criminal group was able to sit at the front door of the building and spend several days picking the lock without being noticed.
Organisations should establish robust controls for administrative VPN access into their network: multi-factor authentication, or at the very least a strong password of 30 characters or more, to reduce the risk of a brute-force attack. Since the attackers here spent days guessing unnoticed, monitoring and alerting on repeated failed VPN logins (with lockout or rate limiting on the gateway) would have surfaced the attack long before it succeeded. It's also essential to fortify that front door by keeping all external, internet-facing software up to date, so that unpatched exploits don't hand criminal groups an easy way into the network.
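The brute-force attack described above succeeded because nobody was watching the VPN gateway's failed logins. The following is an added example, not code from the original article or from any VPN vendor, of the detection logic a defender would run over VPN authentication logs. It assumes a generic syslog-style line format (the `vpn-auth: user=... src=... result=...` layout is an assumption for this example; adapt the regex to your gateway's real format) and uses constructed sample log lines rather than real data. It covers both the noisy case (many failures in a few minutes) and the low-and-slow case from the article (one guess every half hour for days, then a success), which a simple burst threshold alone would miss.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog-style format for this example; real gateways differ, so adapt the regex.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) \S+ vpn-auth: "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>SUCCESS|FAILURE)$"
)


def parse_events(lines):
    """Parse log lines into (timestamp, user, src, result) tuples; unrelated lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["user"], m["src"], m["result"]))
    return events


def detect_bruteforce(events, window=timedelta(minutes=10), burst_threshold=5, slow_threshold=20):
    """Two detections, tracked per (user, source IP) pair:
      - burst: at least burst_threshold failures inside a sliding time window
      - success_after_failures: a SUCCESS preceded by at least slow_threshold failures
        from the same source, however widely spaced (the low-and-slow case)
    Returns a list of (kind, user, src, count) alerts in chronological order."""
    alerts = []
    recent = defaultdict(deque)        # failures within the window, per key
    total_failures = defaultdict(int)  # lifetime failures, per key
    burst_fired = set()                # avoid re-alerting on every extra failure
    for ts, user, src, result in sorted(events):
        key = (user, src)
        if result == "FAILURE":
            total_failures[key] += 1
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= burst_threshold and key not in burst_fired:
                burst_fired.add(key)
                alerts.append(("burst", user, src, len(q)))
        elif total_failures[key] >= slow_threshold:
            # The attacker finally guessed right: the most important alert of all.
            alerts.append(("success_after_failures", user, src, total_failures[key]))
    return alerts


def _stamp(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def constructed_logs():
    """Constructed sample log lines (not real data) covering three patterns."""
    fmt = "{ts} vpn-gw vpn-auth: user={u} src={s} result={r}"
    t0 = datetime(2020, 5, 1, 8, 0, 0)
    lines = []
    # 1. Legitimate user: one typo, then success. No alert expected.
    lines.append(fmt.format(ts=_stamp(t0), u="jsmith", s="192.0.2.50", r="FAILURE"))
    lines.append(fmt.format(ts=_stamp(t0 + timedelta(seconds=20)), u="jsmith", s="192.0.2.50", r="SUCCESS"))
    # 2. Noisy brute force: six failures in two minutes from one source.
    for i in range(6):
        lines.append(fmt.format(ts=_stamp(t0 + timedelta(seconds=20 * i)), u="admin", s="198.51.100.7", r="FAILURE"))
    # 3. Low and slow: one guess every 30 minutes for two days, then the password is found.
    for i in range(96):
        lines.append(fmt.format(ts=_stamp(t0 + timedelta(minutes=30 * i)), u="admin", s="203.0.113.10", r="FAILURE"))
    lines.append(fmt.format(ts=_stamp(t0 + timedelta(minutes=30 * 96)), u="admin", s="203.0.113.10", r="SUCCESS"))
    # Unrelated log noise that the parser must ignore.
    lines.append("2020-05-01T08:00:00Z vpn-gw kernel: unrelated noise line")
    return lines


def run_demo():
    """Run both detections over the constructed logs and return the alerts."""
    return detect_bruteforce(parse_events(constructed_logs()))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The burst rule fires on the noisy source after its fifth failure, but never on the slow source, whose guesses are 30 minutes apart and so never accumulate inside the 10-minute window. It is the second rule, a success following a long history of failures from the same source, that catches the attack described in the article; in practice it should page someone, because at that point the attacker is already inside.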