Ransomware incidents have been occurring for over 30 years, but it’s only in the last decade that the term “ransomware” has appeared regularly in popular media. Ransomware is a type of malicious software that blocks access to computer systems or encrypts files until a ransom is paid. Cybercriminal gangs have adopted ransomware as a get-rich-quick scheme and, in the era of “ransomware as a service,” it has become a prolific and highly profitable tactic. The LockBit group is one of the many gangs operating in the ransomware space, and it has been increasingly visible, with several high-profile victims recently appearing on the group’s website.
LockBit refers to both the malicious software (malware) and to the group that created it. The malware is deliberately designed to be secretly deployed inside organizations to find valuable data and steal it. LockBit does not stop at theft, however: it is ransomware. Once the data has been copied, it is encrypted, rendering it inaccessible to its legitimate users. The data is then held to ransom – pay up, or you’ll never see your data again. To increase the pressure, victims who do not pay are also threatened with publication of the stolen data (often described as double extortion). Not much is known about the LockBit group, but based on their website, they don’t have a specific political allegiance, and they also don’t limit the number of affiliates.
Some high-profile victims of LockBit include the United Kingdom’s Royal Mail and Ministry of Defence, Japanese cycling component manufacturer Shimano, and aerospace company Boeing. The LockBit group has been linked to almost 2,000 victims in the United States alone, and it’s clear that the LockBit software is being used by a diverse range of criminals in a service model.
In recent years, ransomware as a service (RaaS) has become popular, enabling inexperienced criminals to deliver ransomware campaigns to multiple targets quickly and efficiently. The RaaS platform handles the malware management, data extraction, victim negotiation, and payment handling, effectively outsourcing criminal activities. This system can generate significant revenue for the group, including the deposit of 1 Bitcoin (approximately A$58,000) required from new users.
Protecting against ransomware requires good cybersecurity practices, such as updating and patching systems, using strong password and account management, and monitoring networks for unusual activity. Whether or not to pay a ransom is a matter of preference and ethics for each organization, but making it more difficult for criminal groups to get in can help minimize the likelihood of a compromise.