2024/06/07 16:56:25

LockBit (ransomware virus)

Ransomware Viruses (ransomware)

Main article: Ransomware viruses (ransomware)

Chronicle

2024

Two Russians in the United States admitted to participating in the LockBit hacker group

On July 18, 2024, the United States Department of Justice reported that two Russians had admitted to being members of the LockBit hacker group, which specializes in ransomware attacks. Ruslan Astamirov and Mikhail Vasiliev confessed to illegal activities and face long prison terms. More here

The FBI received 7,000 LockBit ransomware decryption keys and began helping people unlock computers

The U.S. Federal Bureau of Investigation (FBI) announced that it had received more than 7,000 decryption keys for the LockBit ransomware virus, which allows the agency to help victims of this malware restore access to their data. This was announced on June 6, 2024 by Brian Vorndran, assistant director of the FBI's cyber division.

The LockBit glitch allowed the FBI to obtain the keys, and the unit is now actively helping victims get their data back, Vorndran said. The agency urges anyone who has been the victim of this cyber attack to contact the Internet Crime Complaint Center for help.

The FBI announced the receipt of more than 7 thousand decryption keys for the LockBit ransomware virus

Vorndran noted that this step became possible almost three months after LockBit was disabled during an international law enforcement operation. Despite that operation, the group was back online less than a week later. The number of available decryption keys now significantly exceeds the 1,000 keys seized earlier during the February raids.

In February 2024, the authorities of Great Britain, the USA and Australia announced new sanctions against LockBit, naming the alleged administrator of the group, a Russian, Dmitry Khoroshev, known as LockBitSupp. According to law enforcement agencies, the US authorities offered a reward of 10 million dollars for revealing his identity. As a result of his identification, he was sanctioned by the UK Department of Foreign Affairs, the Office of Foreign Assets Control of the US Department of the Treasury and the Australian Department of Foreign Affairs.

Erich Kron, security awareness officer at KnowBe4 Inc., noted the importance of storing encrypted data even if it was recovered from backups.

"The infrastructure was repeatedly attacked, and decryption keys became available," said Kron. "Even organizations that recovered data from backups often faced a shortage of some data. In such cases, the provided decryption keys can help recover lost information. Of course, the ability to recover data is nice, but this does not solve the problem for those organizations whose data were made public for refusing to pay a ransom. Unfortunately, encryption is just part of the problem."[1]

The leader of the group fell under US sanctions

On May 7, 2024, the United States imposed sanctions on Russian Dmitry Khoroshev, who is said to be the leader of LockBit, the world's largest ransomware hacker group. A reward of $10 million is offered for information leading to his arrest. Read more here.

2023

The famous ransomware group announced the theft of information from Boeing

At the end of October, a message appeared on the website of LockBit, one of the most active ransomware groups, claiming that Boeing's information systems had been hacked using an unknown vulnerability and that confidential data had been leaked. The hackers published the data obtained from the company. Read more here.

Ransomware attack on Varian IT systems paralyzes equipment in hospitals

In early August 2023, Siemens Healthineers announced that the computer infrastructure of its subsidiary Varian Medical Systems had been subjected to a cyber attack carried out by the LockBit ransomware group. The intrusion paralyzed the operation of equipment in medical institutions. Read more here.

Work of Japan's largest port paralyzed due to ransomware virus attack

On July 5, 2023, the administration of Japan's largest cargo port, located in Nagoya, reported an intrusion by hackers. As a result of the ransomware virus attack, computer systems were paralyzed. Read more here.

Hackers made public the data of 8.9 million patients of one of the largest dentistry networks in the United States, which refused to pay a ransom of $10 million

On May 26, 2023, MCNA Dental (Managed Care of North America), one of the largest providers of dental and health insurance services in the United States, reported a hack of its information infrastructure. Cybercriminals stole data on approximately 8.9 million patients. Read more here.

The LockBit ransomware gang began using ransomware based on the code of the high-profile Conti malware

The LockBit ransomware gang has again started using third-party ransomware in its attacks. This time, the attackers used a program based on the leaked source code of Conti. This became known on February 2, 2023.

Since the beginning of its activity, LockBit has used many different ransomware variants.

The Conti ransomware gang was disbanded in May 2022 after a series of data breaches. About 170 thousand internal messages of the cybercriminals were leaked online, as well as the source code of the ransomware of the same name. Shortly after the Conti source code was leaked, other hacker groups began to use it to create their own ransomware.

"It's strange that they decided to create a payload based on Conti, they also have their own ransomware," CyberGeeksTech said.

When testing the sample on a virtual machine, it was noticed that the ransom note was changed. The old template from LockBit 3.0 is used.

LockBit Green ransom note

It was also noticed that the ransomware adds the extension ".fc59d76b" to encrypted files rather than ".lockbit", as it did before. The extension may not be fixed and may differ from one launch of the malware to the next.

Another encrypted file extension used in LockBit Green

While researchers puzzle over why the LockBit group uses Conti-based ransomware, conspiracy theories are already circulating online. Some security experts believe that former members of the Conti gang are behind LockBit Green and that it is simply more convenient for them to use their own development[2].

2022

Japanese police learn how to unlock computers infected with LockBit

At the end of December 2022, information appeared that law enforcement agencies in Japan had managed to successfully restore the data of several companies attacked by a dangerous ransomware virus.

The malware in question is LockBit. It appeared at approximately the end of 2019 and quickly became one of the most common ransomware programs. Targets range from large multinationals to local authorities. LockBit automatically searches for a suitable victim, spreads over the network and encrypts all data on infected devices. After that, the attackers demand a ransom for restoring access to the information.

Japanese police have learned to unlock computers in state-owned companies infected with the world's most common ransomware virus

As is now reported, the Japanese police managed to decrypt corporate data blocked by the LockBit malware without paying a ransom. In particular, since April 2022, the National Police Agency of Japan has helped three companies (including from the public sector) that were victims of this ransomware to restore their information.

"We were able to avoid losing data or having to pay for their return," said a spokesman for Nittan, which was attacked by LockBit in September 2022.

No details about the technique for recovering the encrypted files have been disclosed. It is only noted that the Japanese police employ about 2,400 investigators and technical specialists working on cybercrime, including about 450 experts brought in from industry and the scientific community.

A survey conducted by Trend Micro among 2,958 enterprises and organizations in 26 countries in May and June 2022 showed that 66% of them had been attacked by ransomware over the past three years. Moreover, more than 40% of the victims said they had agreed to the attackers' demands to pay the ransom.[3]

The IT infrastructure of the defense giant Thales has been infiltrated by a ransomware virus. Hackers demand ransom

On November 11, 2022, hackers attacked the American branch of the largest French corporation Thales, which specializes in military electronics and cyber defense. The data was published on the platform of the LockBit hacker group. Read more here.

Foxconn plant in Mexico attacked by cyber extortionists

On June 1, 2022, it became known that the LockBit 2.0 group, which uses the ransomware of the same name, had announced a successful attack on a Foxconn plant in Mexico. The attackers threaten to post the stolen information online on June 11. Read more here.

2021

LockBit ransomware virus started blocking Accenture client systems

At the end of August 2021, it became known that the LockBit hacker group had used credentials obtained during a cyber attack on Accenture and had begun blocking the company's customer systems. Read more here.

Accenture attacked by LockBit ransomware virus

In early August 2021, Accenture was the victim of a LockBit ransomware virus attack. Company officials claim the incident had little impact on its operations. Read more here.

Notes