Security News > 2022 > April > Attackers unleash LockBit ransomware on US government computers
Attackers unleash LockBit ransomware on US government computers.
One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.
"Working together with the target, Sophos researchers were able to build a picture that started with what appears to be novice attackers breaking into the server, poking around the network and using the compromised server to Google a combination of pirated and free versions of hacker and legitimate admin tools to use in their attack."
The one silver lining in this situation was that the attackers seemed inexperienced and not sure what to do after gaining access to the government network.
"The most important first step is to try to prevent attackers from gaining access to a network in the first place, for example by implementing multi-factor authentication and setting firewall rules to block remote access to RDP ports in the absence of a VPN connection. If a member of the IT team hasn't downloaded them for a specific purpose, the presence of tools on machines on your network is a red flag for an ongoing or imminent attack."
Also See Share: Attackers unleash LockBit ransomware on US government computers.
News URL
Related news
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- US charges operators of cryptomixers linked to ransomware gangs (source)
- All your 8Base are belong to us: Ransomware crew busted in global sting (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- UK, US, Oz blast holes in LockBit's bulletproof hosting provider Zservers (source)
- US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware (source)