LockBit new variants

LockBit 3.0 Arising with New Variants with Different Ransom Demand Procedures


Last year's leak of the LockBit 3.0 ransomware builder led to malicious actors misusing the tool to create new variants.

A Russian cybersecurity firm, Kaspersky, identified a ransomware breach that employed a version of LockBit but with a noticeably different procedure for demanding ransoms.

The attacker in this incident opted for a distinct ransom note, linked to an unknown group called NATIONAL HAZARD AGENCY, as stated by security researchers Eduardo Ovalle and Francesco Figurelli.

Direct ransom notes

The updated ransom note directly specified the payment amount for decryption keys and provided contact details for a Tox service and an email address. This differs from the LockBit group, whose notes do not mention the payment amount and which uses its own communication platform.

NATIONAL HAZARD AGENCY isn’t the sole cybercriminal group exploiting the leaked LockBit 3.0 builder. Other threat actors like Bl00dy and Buhti are also known to use it.

Can you believe it?

Kaspersky found 396 unique LockBit samples, of which 312 were generated using the leaked builders. About 77 samples didn’t reference “LockBit” in the ransom note.

You might be the next target!

ADHUBLLKA

Netenrich examined a ransomware strain, ADHUBLLKA, which has rebranded several times since 2019 and targeted individuals and small businesses for low payouts ranging from $800 to $1,600 per victim.

Although these versions had minor alterations in encryption methods, ransom notes, and communication, they were all linked to ADHUBLLKA due to code similarities.

Linux Ransomware Threats

Ransomware constantly evolves, with changes in tactics and targets. Families such as Trigona, Monti, and Akira, with connections to Conti-affiliated actors, now target Linux environments.

[Figure: August 2023 MONTI Locker help screen]

Akira has also been implicated in attacks on Cisco VPN products, exploiting them to gain unauthorized access to enterprise networks.

According to Sophos’ 2023 Active Adversary Report, the median dwell time for ransomware incidents dropped from nine to five days in the first half of 2023, indicating faster operations by ransomware gangs. In contrast, non-ransomware incidents took longer, with a maximum dwell time of 112 days. Most ransomware attacks occurred on Fridays or Saturdays.

Amid a surge in ransomware attacks, the Cl0p ransomware group breached over 1,000 organizations by exploiting flaws in the MOVEit Transfer app, impacting millions of individuals. Estimated profits from this supply chain attack could reach $75 million to $100 million.


Feeling secure? Not really!

The speed at which ransomware gangs operate, as evidenced by the decrease in dwell time, underscores the urgency of enhancing detection, prevention, and response strategies.

It is imperative for cybersecurity professionals to stay vigilant, adaptive, and collaborative. The time to be secure is now or never!

Author: PureVPN

Date: August 28, 2023
