LockBit 2.0 ransomware attack analysis

Community Feature - D3fD3c0y

Curated Intelligence member D3fD3c0y recently shared with us a very handy infographic analysing LockBit 2.0 ransomware attacks. The infographic is based on D3fD3c0y's research using OSINT sources and vendor reports. It highlights the areas defenders should focus on to successfully protect against a LockBit 2.0 attack.

LockBit ransomware (previously known as ABCD ransomware) first appeared in September 2019. In June 2021, the ransomware rebranded to LockBit 2.0, as several other families have done recently, including DarkSide (to BlackMatter) and DoppelPaymer (to Grief). LockBit is a Ransomware-as-a-Service (RaaS) operation that has been linked to some high-profile attacks lately, such as the one on Accenture, following the launch of a marketing campaign to recruit new affiliates. If the threat actors are to be believed, the latest LockBit iteration includes a number of features, including self-propagation, removal of shadow copies, and printing of ransomware demands via printers detected on the target network. It also claims to offer the fastest encryption on the ransomware market.

Since June 2021, LockBit 2.0 has compromised over 50 large organisations across multiple sectors. These include accounting, automotive, consulting, engineering, finance, technology, hospitality, insurance, law enforcement, legal services, manufacturing, energy, retail, transportation, logistics, and utilities in the following countries: Argentina, Australia, Austria, Belgium, Brazil, Germany, Italy, Malaysia, Mexico, Romania, Switzerland, the UK, and the US.

Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content, let us know!