LOCK BIT – SCI & TECH
News: Explained | What is LockBit ransomware and why is it targeting macOS?
What's in the news?
● On April 16, reports emerged that LockBit ransomware was found to be targeting Mac devices, in a first.
Key takeaways:
● Cybercriminals have developed new ransomware encryptors designed to target macOS devices, making this the first major ransomware operation to specifically target Apple computers.
● The new encryptors target both older Macs and newer ones running on Apple Silicon.
What is LockBit ransomware?
● First reported in September 2019 and dubbed the “abcd” virus, due to the file extension used when encrypting victims’ files, the LockBit ransomware is designed to infiltrate victims’ systems and encrypt important files.
● The virus is categorized as a “crypto virus” due to its requests for payment in cryptocurrency to decrypt the files on the victim’s device.
Cyber Attack:
● The gang behind the LockBit ransomware reportedly maintains a dark web portal to recruit members and release data of victims who refuse to meet their demands, as part of their business model.
● In the past, LockBit ransomware has been used to target enterprises and organizations in the U.S., China, India, Ukraine, and Indonesia.
● Attacks have also been recorded throughout Europe, including in France, Germany, and the U.K.
Why is LockBit targeting macOS?
● Historically, ransomware has targeted Windows, Linux, and VMware ESXi servers. However, LockBit is now working to create encryptors targeting Macs for the first time.
How does LockBit ransomware work?
● It works as self-spreading malware, not requiring additional instructions once it has successfully infiltrated a single device with access to an organizational intranet.
● It is also known to hide executable encryption files by disguising them in the PNG format, thereby avoiding detection by system defences.
● Attackers use phishing tactics and other social engineering methods to impersonate trusted personnel or authorities to lure victims into sharing credentials.
● Once access is secured, the ransomware places an encryption lock on all system files, which can only be unlocked via a custom key created by the LockBit gang.
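A defender-side check for the PNG disguise described above, as an added example that is not from the original article. It assumes the disguise takes one of two forms (an executable saved under a .png name, or extra bytes appended after a valid image), which the article does not specify; the function name `inspect_png` and all sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Leading magic bytes of common executable formats.
EXEC_MAGIC = {
    b"MZ": "PE (Windows)",
    b"\x7fELF": "ELF (Linux/ESXi)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (macOS)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (macOS)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (macOS)",  # also Java class files
}

def inspect_png(data: bytes) -> str:
    """Classify the bytes of a file whose name ends in .png."""
    for magic, name in EXEC_MAGIC.items():
        if data.startswith(magic):
            return f"executable: {name}"
    if not data.startswith(PNG_SIG):
        return "not a PNG"
    pos = len(PNG_SIG)
    # Walk the chunk list: 4-byte length, 4-byte type, body, 4-byte CRC.
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return "truncated PNG"
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return "corrupt chunk"
        pos = end
        if ctype == b"IEND":  # a well-formed PNG ends exactly here
            extra = len(data) - pos
            return f"trailing data: {extra} bytes" if extra else "ok"
    return "truncated PNG"

def chunk(ctype: bytes, body: bytes = b"") -> bytes:
    """Build one PNG chunk (used only to construct the sample data below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a minimal 1x1 grayscale PNG and two disguised variants.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
CLEAN = PNG_SIG + chunk(b"IHDR", IHDR) + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND")
RENAMED = b"\xcf\xfa\xed\xfe" + b"\x00" * 28   # Mach-O magic under a .png name
APPENDED = CLEAN + b"\x7fELF" + b"\x00" * 12   # extra bytes placed after IEND

if __name__ == "__main__":
    for label, blob in [("clean.png", CLEAN), ("renamed.png", RENAMED), ("appended.png", APPENDED)]:
        print(label, "->", inspect_png(blob))
```

A result other than "ok" means the file's content does not match its extension and should be triaged before anything opens it.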
What is the LockBit ransomware gang?
● The group behind this is known as the LockBit gang. It is considered the most prolific ransomware group ever.
● It operates on the ransomware-as-a-service (RaaS) model and comes from a line of extortion cyberattacks.
● In this model, willing parties put down a deposit for use in a custom attack and make profits through the ransom payment.
● The ransom is divided between the LockBit developer team and attacking affiliates, who receive up to three-fourths of the ransom.
How to protect systems against the LockBit ransomware?
● While there are no fool-proof ways of protecting against ransomware attacks, organizations and individuals can take certain steps to increase resilience against such cyber threats.
● Strong passwords that are not easy to guess, with strong variations of special characters, should be used along with multi-factor authentication. This ensures that brute force alone will not be enough to compromise systems.
● Organizations can also undertake training exercises to educate employees on how phishing attacks are used and how to identify them.