LockBit ransomware seamlessly encrypts 225 systems

by admin
May 13, 2020
With the LockBit ransomware, attackers can penetrate a corporate network and encrypt hundreds of devices in just a few hours.

Active since September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS) operation in which the developers are responsible for the payment site and development, while affiliates sign up to distribute the ransomware.

[Image: LockBit ransom note]

Under this arrangement, the LockBit developers typically earn around 25-40% of the ransom, while affiliates get the larger share, around 60-75%.

Enterprise network encrypted in three hours

A new joint report by researchers from McAfee Labs and the cybersecurity company Northwave gives an overview of how the LockBit ransomware entered a company’s network and encrypted approximately 25 servers and 225 workstations.

It was all done in just three hours.

According to Patrick Van Looy, cybersecurity specialist at Northwave, the attackers gained access to the network by brute-forcing an administrator account through an outdated VPN service.

Most attacks require the intruders to obtain an administrator account after they have breached the network. Because these attackers already had one, they had a head start and could quickly deploy the ransomware across the network.

“In this particular case, it was a classic hit-and-run. After the attacker had gained access via the raw VPN application, he started almost immediately with the ransom (which he could obtain with the administrative account to which he had access). The main access took place around 1 a.m., after which the ransom was hung and the intruder was checked around 4 a.m. It’s the only interaction we’ve seen,” Van Looy told BleepingComputer by e-mail.

Not all devices on the network were encrypted, which Van Looy attributes to a bug in the ransomware that caused it to crash.

The systems that were encrypted were encrypted quickly, thanks to an interesting feature built into LockBit.

Distributed LockBit

McAfee’s analysis shows that the LockBit ransomware includes a feature that allows it to spread to other computers on the network.

When it is running, in addition to encrypting device files, LockBit executes ARP queries to find other active hosts on the network and then tries to connect to those hosts via SMB.

[Image: Connecting to other computers via SMB]

If the ransomware is able to connect to a computer via SMB, it issues a remote PowerShell command to download and execute the ransomware on that computer.

[Image: LockBit download and execute command]

As more and more computers on the network are infected, the infected computers themselves help speed up the deployment of the ransomware to the other computers on the network.

This feature allowed attackers to hack into the network and automatically encrypt 225 computers in just three hours.
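The spreading behaviour described above (one host opening SMB connections to many peers in quick succession) is visible in network flow data. The following detection sketch is an added example, not taken from the McAfee/Northwave report; the flow records, IP addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2020, 1, 1, 1, 0, 0)  # constructed start time for the sample data


def _flow(sec, src, dst, port=445):
    """Build one constructed flow record: (timestamp, src IP, dst IP, dst port)."""
    return (T0 + timedelta(seconds=sec), src, dst, port)


# Constructed sample: two hosts sweep peers over SMB, one host shows normal use.
SAMPLE_FLOWS = (
    [_flow(120 + 10 * i, "10.0.0.5", f"10.0.0.{10 + i}") for i in range(8)]
    + [_flow(600 + 10 * i, "10.0.0.10", f"10.0.0.{30 + i}") for i in range(6)]
    + [_flow(900 * i, "10.0.0.20", "10.0.0.2") for i in range(4)]  # file server use
    + [_flow(30, "10.0.0.20", "10.0.0.3"),
       _flow(125, "10.0.0.5", "10.0.0.99", 443)]                   # non-SMB, ignored
)


def smb_fanout(flows, window=timedelta(minutes=5), threshold=5):
    """Return {source IP: time of first alert} for hosts that open SMB (TCP 445)
    connections to at least `threshold` distinct destinations within `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port != 445:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if src not in alerts and len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for host, when in smb_fanout(SAMPLE_FLOWS).items():
        print(f"{when:%H:%M:%S} SMB fan-out from {host}")
```

Because each newly infected machine repeats the sweep, alerts from several sources within minutes of each other are a stronger signal than a single one; the threshold needs tuning against hosts that legitimately contact many peers, such as backup or management servers.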

The faster you attack, the smaller the chance that you will be detected.

When attackers enter a network, they are more likely to be detected the longer they move through the network.

This means that unskilled attackers are more likely to be detected than more experienced and advanced attackers when they try to spread through the network.

The automatic distribution of the ransomware makes it easier for unskilled attackers to carry out an attack.

An unusual aspect compared to the other cases we have had is that the attacker was only online for this short period of time. Usually we see intruders online for days or even weeks before ransom demands are made.

“In this particular case, the aggressor did not need to be so qualified. The repurchase program is distributed on its own, so as soon as it gets access (by the administrator), it just runs the repurchase program, and the job is done,” Van Looy told BleepingComputer.com.

Because LockBit is fast and easy to deploy, we can expect it to continue to grow among affiliates who want to get in and out of a network quickly while encrypting most of its devices.
