LockBit has become one of the most notorious ransomware groups that is currently operating. They are very active on dark web forums and use negative publicity of other ransomware groups to recruit jaded threat actors to their own operation. Recently, there has been a significant increase in ransomware attacks targeting companies in northern Europe. These attacks are being carried out using the LockBit locker. One of the most concerning aspects of these recent attacks is the way in which they are being conducted. The LockBit Locker group is known for using a combination of advanced techniques, even phishing, and also social engineering, to gain initial access to a company’s network. Once they have access, they use a variety of tools and techniques to move laterally throughout the network, compromising systems and stealing sensitive data.
One of the most recent attacks was reported by Computerland in Belgium against SMBs in the country: according to the company they were targeted by a group of cybercriminals who appeared to be using a variant of the LockBit locker malware. However, upon further investigation, it was discovered that these attackers were not likely related to the real LockBit group, but rather “wannabes” who had obtained a leaked version of the malware. Despite not being the true LockBit Locker group, these micro criminals were still able to cause significant damage by encrypting many internal files. However, the company was able to restore its network from backups and no client workstations were affected during the intrusions. Among the increasing popularity of extortion practices in the criminal underground, even among less sophisticated actors, this incident also highlights the dangers of outdated software and systems. In conclusion, the recent ransomware attacks targeting North European SMBs companies are a serious concern for many reasons: despite the reduced effectiveness due to the lack of experience of the criminal operators, the targeted industries suffered significant outages and data exfiltration.