The recent cyberattack by the LockBit ransomware group has left a trail of destruction in its wake, with ten new victims added to their dark web portal. Among the affected entities are Silver Airways, Taiwan Textiles, CABC, Plexus Teleradiology, Fiduciaire Cornelis & Budts, Palterton Primary School, Immobiliare Camarotto, SEALCO, Fédération Envie, and Diener Precision Pumps.
The modus operandi of LockBit involves infiltrating networks, encrypting critical data, and demanding ransom through their dark web portal. This is followed by a countdown timer that adds pressure, signaling the impending permanent loss of data. The group’s relentless tactics are evident in their choice of victims, targeting organizations regardless of their intent and location.
The brazen nature of the cybercriminals is evident through their open flaunting of their exploits. The Cyber Express reached out to some of the affected organizations to gather insights into the impact of the LockBit cyberattack. However, as of now, no official statements have been released by the victims, leaving the claims of the ransomware attack unverified.
LockBit ransomware has gained notoriety for its involvement in numerous cyberattacks, surpassing other ransomware variants in terms of activity. What sets LockBit apart is its preference for targeting small-to-medium-sized organizations, with victims facing an average ransom demand of approximately $85,000 per incident, as reported by BlackBerry.
The evolution of LockBit is evident from its history: first observed in September 2019, the ransomware group has since undergone iterations, with LockBit 2.0 surfacing in 2021 and the current version, LockBit 3.0, discovered in June 2022. The tactics employed by LockBit are sophisticated, often leveraging purchased access, unpatched vulnerabilities, insider information, and zero-day exploits to gain initial entry into target networks. Once inside, LockBit establishes control, exfiltrates sensitive data, and encrypts files, leaving victims in a state of distress.
A particularly nefarious aspect of LockBit’s strategy is its use of double extortion, coercing victims into paying not only to regain access to their encrypted files but also to prevent the exposure of their stolen data to the public. This strategy has proven highly lucrative for ransomware operators. Furthermore, LockBit often operates as a Ransomware-as-a-Service (RaaS), wherein an Initial Access Broker (IAB) facilitates the initial breach, selling access to the primary LockBit operators who then execute the second-stage exploitation.
This recent cyberattack by the LockBit ransomware group serves as a stark reminder of the growing threat posed by ransomware and the need for organizations to strengthen their cybersecurity measures. The impact of such attacks extends beyond financial losses, potentially leading to long-term reputational damage and legal implications. It is imperative for organizations to remain vigilant and proactive in safeguarding their digital assets against evolving cyber threats.