What is LockBit?
LockBit is an advanced form of ransomware first discovered in September 2019. The malware is designed to quickly and efficiently encrypt files on infected systems, making it impossible for organisations to access their own data without paying for the decryption key.
What makes LockBit especially dangerous is the speed with which it can spread within a network. After infection, the ransomware looks for connected systems and devices to spread further and encrypt more files. In this way, it can easily extort businesses by disrupting business activities and stealing and disclosing data.
LockBit avoids detection by disabling security software and hiding from monitoring, which makes quick identification and containment by security teams difficult. It also uses 'double extortion': it steals data and threatens to leak it if payment is not made. This increases the pressure on victims to pay, through potential reputational damage and legal consequences.
The attackers behind LockBit often operate through a 'Ransomware-as-a-Service' (RaaS) model, renting out their ransomware infrastructure to other cybercriminals. This makes it easier for less tech-savvy attackers to carry out ransomware campaigns, contributing to the spread and danger of LockBit.
How does LockBit work?
LockBit ransomware is considered by experts to be part of the "LockerGoga & MegaCortex" malware family. It behaves similarly to these well-known forms of ransomware.
It has the following characteristics:
- It spreads by itself within an organisation and requires no manual actions;
- It is targeted: it is not distributed haphazardly like spam;
- It uses similar tools to spread, such as Windows PowerShell and Server Message Block (SMB).
The important thing to remember is that these attacks are self-propagating. There is an automated process programmed in advance.
After reaching one host manually, the attacker can easily find other hosts and link them to the infected host to spread the infection.
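Because the text names Server Message Block as a spreading tool, one defensive check is to flag any host that opens SMB (TCP port 445) connections to many distinct peers in a short time. The sketch below is an added example, not part of the original article or any vendor tooling; the flow-record format, the addresses, the 60-second window and the threshold of 5 are all assumptions chosen for illustration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_flows():
    """Constructed records (timestamp, source, destination, dest port):
    one workstation sweeping SMB, one talking to a single file server."""
    rows = [f"2024-01-10T09:00:{i:02d},10.0.0.31,10.0.0.{40 + i},445" for i in range(6)]
    rows += [f"2024-01-10T09:0{i}:00,10.0.0.15,10.0.0.20,445" for i in range(6)]
    rows += ["2024-01-10T09:00:03,10.0.0.31,10.0.0.99,443"]  # non-SMB, ignored
    return rows


def smb_fanout(rows, window=timedelta(seconds=60), threshold=5):
    """Return {source: peak number of distinct SMB destinations inside one
    sliding window} for every source whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in csv.reader(rows):
        if dport == "445":  # SMB over TCP
            per_src[src].append((datetime.fromisoformat(ts), dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        recent = deque()  # events that fall inside the current window
        peak = 0
        for ts, dst in events:
            recent.append((ts, dst))
            while ts - recent[0][0] > window:
                recent.popleft()
            peak = max(peak, len({d for _, d in recent}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    print(smb_fanout(sample_flows()))
```

Repeated connections to the same file server do not trigger the check, because only distinct destinations inside the window are counted.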
LockBit attacks unfold in three stages:
- Exploitation: First, they exploit network weaknesses, often through phishing or brute force, to gain access and prepare the network for malware propagation.
- Infiltration: LockBit then infiltrates deeper to gain control of the system, disabling security mechanisms and preparing for the attack.
- Implementation: In the final stage, the encryption malware is spread, locking files until a ransom is paid. Although victims are encouraged to pay a ransom, there is no guarantee of file recovery.
How do we tackle ransomware?
At VanRoey, we recognise that having the right tools is only the beginning. An effective defence against ransomware like LockBit requires, on the one hand, a deep understanding of the threat and the underlying technology, and on the other, a layered security approach that goes beyond traditional methods.
Our approach includes continuous monitoring, rapid incident response, and continuous fine-tuning of security measures to the evolving threat landscape. In addition, we strongly believe in the importance of Security Awareness, as human error often plays a critical role in successful cyberattacks.
With our Zero Trust strategy we strengthen the first line of defence against attacks such as LockBit, but the most important factor is Managed Detection & Response (MDR). Thanks to artificial intelligence, MDR nips an actual infection in the bud immediately, even in the case of an unprecedented zero-day.
Protect yourself from malware like LockBit, together with VanRoey
Wondering how we put a rock-solid IT security puzzle in place at thousands of organisations to protect them from (among other things) ransomware?
Feel free to talk to us and we will be happy to show you how and why our tools work so effectively. You can also count on us for a thorough IT Security Audit, so you know exactly how vulnerable your environment is today. You will also get a comprehensive report on what concrete steps you can take to improve security.