LockBit has claimed to have stolen 76 gigabytes of confidential data, including financial and IT records, certifications, and legal documents, in an attack on California’s Department of Finance. While officials aren’t divulging much information, the LockBit group gave the department until December 24 to meet its demands and threatened to leak the department’s stolen information on the darknet otherwise.
LockBit is both a cybercrime group and a ransomware technology. LockBit’s ransomware is available to anybody who wants to purchase the technology and launch their own attacks. A black-hat technology with support on darknet forums, it also has a bug bounty program. LockBit 3.0, also known as LockBit Black, is its most recent ransomware edition.
A LockBit attack goes something like this:
- LockBit 3.0 infects a victim’s device, encrypts files, and appends the extension HLjkNskOq
- A command-line argument key (“-pass”) carries out the encryption
- LockBit 3.0 creates various threads to perform multiple tasks simultaneously (increasing encryption speed)
- LockBit 3.0 deletes certain services to make encryption and exfiltration easier
- An API is used to access the service control manager database
- Desktop wallpaper changes (alerting victims to the attack)
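
The behaviours in this list can be correlated per host as a detection rule. The sketch below is an added example, not code from the original article or from any vendor tool; the event schema, field names, thresholds and sample events are constructed assumptions.

```python
from collections import Counter, defaultdict

# Hypothetical, simplified event schema (an assumption, not a real EDR format).
RENAME_THRESHOLD = 3   # files on one host gaining the same appended extension
SERVICE_THRESHOLD = 2  # services deleted on one host

SAMPLE = [  # constructed events for illustration
    {"host": "ws1", "type": "process_create", "cmdline": r"C:\Temp\x.exe -pass PLACEHOLDER"},
    {"host": "ws1", "type": "service_delete", "name": "svcA"},
    {"host": "ws1", "type": "service_delete", "name": "svcB"},
    {"host": "ws1", "type": "file_rename", "old": r"C:\d\a.docx", "new": r"C:\d\a.docx.HLjkNskOq"},
    {"host": "ws1", "type": "file_rename", "old": r"C:\d\b.xlsx", "new": r"C:\d\b.xlsx.HLjkNskOq"},
    {"host": "ws1", "type": "file_rename", "old": r"C:\d\c.pdf", "new": r"C:\d\c.pdf.HLjkNskOq"},
    {"host": "ws1", "type": "wallpaper_change"},
    {"host": "ws2", "type": "file_rename", "old": r"C:\d\n.txt", "new": r"C:\d\n.txt.bak"},
    {"host": "ws2", "type": "service_delete", "name": "svcC"},
]

def indicators(events):
    """Return {host: set of behaviours from the list above observed on it}."""
    found = defaultdict(set)
    appended = defaultdict(Counter)  # host -> appended extension -> file count
    deleted = Counter()              # host -> number of deleted services
    for ev in events:
        host, kind = ev["host"], ev["type"]
        if kind == "process_create" and "-pass" in ev["cmdline"].split():
            found[host].add("pass_argument")
        elif kind == "file_rename":
            # Extension appended to the full original name: a.docx -> a.docx.XXXX
            ext = ev["new"][len(ev["old"]) + 1:]
            if ev["new"].startswith(ev["old"] + ".") and ext and "." not in ext:
                appended[host][ext] += 1
        elif kind == "service_delete":
            deleted[host] += 1
        elif kind == "wallpaper_change":
            found[host].add("wallpaper_change")
    for host, exts in appended.items():
        if exts.most_common(1)[0][1] >= RENAME_THRESHOLD:
            found[host].add("mass_extension_append")
    for host, count in deleted.items():
        if count >= SERVICE_THRESHOLD:
            found[host].add("service_deletion")
    return dict(found)

def alerts(events, min_indicators=2):
    """Hosts showing at least min_indicators distinct behaviours."""
    return sorted(h for h, s in indicators(events).items() if len(s) >= min_indicators)
```

Requiring two or more distinct behaviours keeps a single benign event, such as one `.bak` rename or one service removal, from raising an alert on its own.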
Despite its sophistication, companies can avoid the threat posed by LockBit and similar actors by implementing two-factor authentication (2FA) and password-protecting RDP connections. Since cybercriminals seek easy targets with vulnerabilities, a proactive approach to network security is the only real way to stay safe.