On Wednesday, a group of seven countries, including the United States, Canada, Britain, France, Germany, Australia, and New Zealand, collectively identified the primary ransomware threat worldwide as the criminal organization known as "LockBit." This digital extortion gang operates under the banner of LockBit and has been recognized as the leading purveyor of ransomware.
The cyber authorities of these nations issued a joint advisory, highlighting LockBit's ransomware software, which encrypts victims' data until a ransom is paid. Notably, this software has gained widespread usage among cybercriminals, making LockBit the most prevalent ransomware threat globally.
What is LockBit Ransomware?
According to the Canadian Centre for Cyber Security, LockBit ransomware has been observed as early as 1989 and has since evolved into the most prevalent cyber threat encountered by Canadians. This malicious software has gained significant prominence and poses a substantial risk to individuals and organizations across the country.
The Canadian Centre for Cyber Security has reported a significant surge in global ransomware attacks. In the first half of 2021, these attacks witnessed a staggering increase of 151 percent compared to the corresponding period in the previous year. This alarming rise in ransomware incidents further emphasizes the urgent need for enhanced cybersecurity measures and heightened vigilance in the face of evolving cyber threats.
How it Works?
LockBit ransomware is a pernicious form of malicious software that specifically aims to immobilize users' computer systems until a ransom is paid. It operates in a sophisticated manner by autonomously assessing potential lucrative targets, spreading the infection, and encrypting all accessible systems within a network.
This type of ransomware primarily focuses on carrying out highly targeted attacks against enterprises and various other organizations.
The operators behind LockBit have established a notorious reputation by issuing menacing threats on a global scale.
They Employ a Range of Tactics, Including:
Disrupting operations: LockBit ransomware executes its attack in such a way that critical functions within an organization abruptly come to a halt. This disruption can have severe consequences for the affected entities.
Extortion for financial gain: The primary motive behind LockBit attacks is monetary gain. The cybercriminals responsible for this ransomware demand a ransom payment from the victims in exchange for restoring access to their systems and data.
Data theft and blackmail: In addition to encryption, LockBit ransomware also poses a significant risk of data theft. If victims fail to comply with the ransom demands, the attackers may resort to the illegal publication of stolen data as a means of coercion and blackmail.
What is the Recent Development?
The precursor to LockBit ransomware was initially detected in September 2019, as stated in the advisory its first appearance on cybercrime forums primarily focused on Russian-language discussions. This indicates the timeline and origin of LockBit's ransomware operations, highlighting its initial activities within the realm of Russian-language-based cybercrime forums.
Although the joint advisory provided specific numbers for only three countries, namely 1,700 LockBit-related incidents in the United States, 69 in France, and 15 in New Zealand, LockBit ransomware represents a significant portion of the overall ransomware incidents monitored by all seven participating governments.
According to the advisory, the involved agencies estimated that the LockBit group was responsible for approximately 11 percent to 23 percent of recent ransomware attacks worldwide. This data highlights the substantial impact and prevalence of LockBit's ransom-seeking hacks across multiple regions, underscoring the urgency to address and combat this cyber threat effectively.
