Security News

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. LockBit, which operates on a ransomware-as-a-service model like most groups, was first observed in September 2019 and has since emerged as the most dominant ransomware strain this year, surpassing other well-known groups like Conti, Hive, and BlackCat.

LockBit ransomware gang promises bounty payment for personal data. In a new twist on the ransomware game, the LockBit cybercrime group has launched a bug bounty program promising money to people willing to share sensitive data that can be exploited in ransomware attacks.

The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. The ransomware operation launched in 2019 and has since grown to be the most prolific ransomware operation, accounting for 40% of all known ransomware attacks in May 2022.

LockBit ransomware affiliates are using an interesting trick to get people to infect their own devices: disguising the malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator's license.

The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit - a well-known ransomware as a service - in their operations, likely to hinder attribution efforts in order to evade sanctions," threat intelligence firm Mandiant noted in an analysis last week.

American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. The ransomware group published a new page on its data leak website earlier today, saying that the 356,841 files they allegedly stole from Mandiant will be leaked online.

Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found. The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in December 2019 in a widespread crackdown on the dangerous and prolific cybercriminal group best known for spreading the info-stealing Dridex malware and later its own WastedLocker ransomware.

The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control. Active since 2007, Evil Corp is known for pushing the Dridex malware and later switching to the ransomware "business."

Attackers unleash LockBit ransomware on US government computers. One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.

A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. According to researchers at cybersecurity company Sophos, the actor accessed the network through open remote desktop ports on a misconfigured firewall and then used Chrome to download the tools needed in the attack.