The threat group, known as LockBit, is one of the most notorious ransomware groups operating currently. As a result, they have become very active on dark web forums. In addition, they are exploiting the negative publicity created by other ransomware groups to recruit more hardened cybercriminals for their agenda.
The rate at which ransomware attacks have targeted companies in northern Europe has increased significantly. It appears that these attacks are being conducted using a device known as the LockBit locker. This is believed to be one of the tools used by a criminal affiliation program dubbed Gangrel.
There is a wide range of industries that have been targeted by the LockBit group. It has caused significant disruptions and financial losses for a wide range of companies, from small to multinational.
As a result of the nature of these new attacks, one of the most concerning characteristics is how they are being undertaken. A company's network is at risk from the LockBit Locker group. This group exploits a variety of advanced security techniques to gain initial access to the network through phishing and social engineering, among others. Having gained access to a network, attackers use a wide variety of tools and techniques to reach various parts of the network and steal sensitive information. These include sensitive system information.
There has been an increase in attacks on small and medium-sized businesses in Belgium, as reported by Computerland in the country. There was, however, a report by the company that explained that the company was targeted by a group of cybercriminals using a variant of the LockBit locker malware. This variant appeared to have been used by the company. Following a thorough investigation, it was discovered that these attackers were unlikely to be connected with the LockBit group but rather were "wannabes" who had gained access to leaked versions of the malware.
Despite not being the real LockBit Locker group, these micro-criminals were still able to inflict significant damage by encrypting a large number of internal files.
There was, however, no impact on the company's computer system as a result of the intrusion, as backups had been made, and none of the client workstations were lost.
The incident is one of many highlighting the dangers of outdated software and systems. This is true especially for less sophisticated actors, even in the criminal underground, where extortion practices seem to be gaining popularity.
According to the report, in this case, the attackers were able to utilize the company's FortiGate firewall to gain access to the company's sensitive data. They did this by taking advantage of unpatched vulnerabilities. According to the Known Exploited Vulnerabilities Catalog maintained by the Center for Internet Security Awareness, unpatched FortiGate firewalls are prone to several vulnerabilities currently being exploited by cybercriminals. However, in these recent cases, the flaws exploited were the infamous "Fortifuck" flaws that date back as far as 2018.
Unattended exposure through a branch internet gateway has allowed exploits to be made of these flaws to be discovered and exploited. As a result, these gateway sites are usually less well-protected than the central network, which may put attackers at an advantage in terms of gaining access to the network.
The recent ransomware attacks against small and medium-sized businesses in North Europe are highly concerning for several reasons. Even though the criminal operators' lack of experience reduced their effectiveness, extended outages and data exfiltration were experienced by the targeted industries despite the reduced effectiveness of the criminal operators.
Briefing on Threat Actors
There is a well-known ransomware affiliation program known as LockBit, which started in September of 2019 and involves the developers of the malicious software hiring unethical penetration testing teams to spread the ransomware as a third party. There are a few gangs that have established double-extortion practices. The Stealbit malware was part of the toolkits used by this gang to support such attacks.
It is well known that during Lockbit's infamous career, a large number of small and medium businesses and large corporations such as Accenture and Royal Mail were targeted. During the infection process, the victim will be redirected to a gang payment site managed by the ransomware developers once they have infected the environment. The attackers threatened the victim that they would leak the victim's data to get her to pay more money.