Last Updated on 11/02/2022 by Nidhi Khandelwal
In a new flash alert published on Friday, the Federal Bureau of Investigation (FBI) released technical details and indicators of compromise associated with LockBit ransomware attacks.
The alert also includes guidance to help organizations block this adversary's attempts to breach their networks, and asks victims to report such incidents to their local FBI Cyber Squad as soon as possible.
The LockBit ransomware gang has been particularly active since it launched as a ransomware-as-a-service (RaaS) operation in September 2019, with gang members marketing the operation, offering support on Russian-language hacker forums, and recruiting threat actors to infiltrate and encrypt networks.
Two years later, in June 2021, after ransomware actors were barred from posting on cybercrime sites [1, 2], LockBit announced the LockBit 2.0 RaaS on its data leak site.
With the relaunch, the gang revamped its Tor sites and reworked the malware, adding more advanced capabilities such as automated device encryption across Windows domains via Active Directory group policies.
The gang is now attempting to eliminate the middlemen by recruiting insiders who can give it access to corporate networks over VPN and Remote Desktop Protocol (RDP).