Security News > 2022 > April > Attackers unleash LockBit ransomware on US government computers
Attackers unleash LockBit ransomware on US government computers.
One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.
"Working together with the target, Sophos researchers were able to build a picture that started with what appears to be novice attackers breaking into the server, poking around the network and using the compromised server to Google a combination of pirated and free versions of hacker and legitimate admin tools to use in their attack."
The one silver lining in this situation was that the attackers seemed inexperienced and not sure what to do after gaining access to the government network.
"The most important first step is to try to prevent attackers from gaining access to a network in the first place, for example by implementing multi-factor authentication and setting firewall rules to block remote access to RDP ports in the absence of a VPN connection. If a member of the IT team hasn't downloaded them for a specific purpose, the presence of tools on machines on your network is a red flag for an ongoing or imminent attack."
Also See Share: Attackers unleash LockBit ransomware on US government computers.
News URL
Related news
- Ransom Cartel, Reveton ransomware owner arrested, charged in US (source)
- US accuses man of being 'elite' ransomware pioneer they've hunted for years (source)
- Alleged Karakut ransomware scumbag charged in US (source)
- US Marshals Service disputes ransomware gang's breach claims (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)