With the recent surge of online users and interactions due to the coronavirus lockdown keeping everyone at home and forcing workers to bring their jobs indoors, cybercriminals have had a larger number of targets to focus their attacks on.
A recent virus, the LockBit ransomware, has made its way to the forefront of cyber threats with its speed of infection and severity. LockBit is a recent Ransomware-as-a-Service (RaaS) that was released to the world in September 2019.
A dastardly piece of malware
The creators behind the virus are the ones keeping the site running and taking payments from anyone willing to sign up and spread the malware themselves. Developers of LockBit then get a share of 25-40 percent of the ransom payments, while the higher share of 60-75 percent goes to affiliates.
McAfee Labs researchers, along with Northwave, a cybersecurity firm, have joined forces and filed a joint report that shows just how LockBit ransomware affiliates powered through a corporate network and encrypted 25 servers and at least 255 workstations in a matter of three hours.
The hack started with the cybercriminals brute-forcing their way into an administrator account on an outdated VPN service. That opportunity gave them the administrative credentials they needed to release LockBit across the entire network.
McAfee analysts said the new ransomware has a substantial rate of infection and can spread to the rest of the computers on the network, all on its own.
Encrypting a target device's files isn't the only threat that LockBit has up its sleeve. It is also capable of performing ARP requests to locate other active hosts on the network, and it will attempt to spread to them over the Server Message Block (SMB) protocol.
If the attack is successful, the malware issues a remote PowerShell command to download itself onto the device and run itself.
LockBit spreads faster the more devices it infects, because it uses each one to attack others and grow even further. This feature of the virus is what makes it severely threatening compared to most other malware: it is fast and does not rely on a manual helper.
The virus is expected to continue to grow and expand its reach because it is easy to execute and requires little to no skill to deploy.
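The self-propagation described above (one host reaching many peers over SMB, then each newly reached host doing the same) leaves a recognisable pattern in network flow logs. The following Python sketch is an added example, not code from the McAfee/Northwave report; the log format, the 60-second window and the threshold of four peers are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # assumed look-back window
FANOUT = 4                      # assumed threshold: distinct SMB peers per window

# Constructed sample flow records: "ISO-timestamp src dst dst_port"
SAMPLE = """\
2020-01-01T10:00:00 10.0.0.30 10.0.0.2 445
2020-01-01T10:00:01 10.0.0.5 10.0.0.10 445
2020-01-01T10:00:02 10.0.0.5 10.0.0.11 445
2020-01-01T10:00:03 10.0.0.5 10.0.0.12 445
2020-01-01T10:00:04 10.0.0.5 10.0.0.13 445
2020-01-01T10:00:20 10.0.0.11 10.0.0.20 445
2020-01-01T10:00:21 10.0.0.11 10.0.0.21 445
2020-01-01T10:00:22 10.0.0.11 10.0.0.22 445
2020-01-01T10:00:23 10.0.0.11 10.0.0.23 445
2020-01-01T10:00:24 10.0.0.31 10.0.0.40 443
"""

def parse(text):
    """Yield (timestamp, src, dst, port) from the assumed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(records, window=WINDOW, fanout=FANOUT):
    """Return [(time, src, parent)] for each host that contacts `fanout`
    distinct SMB peers within `window`. `parent` is the flagged host that
    reached src over SMB earlier (None if src starts the chain)."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    reached_by = {}              # dst -> first flagged host that connected to it
    flagged, alerts = set(), []
    for ts, src, dst, port in sorted(records):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        if src not in flagged and len({d for _, d in q}) >= fanout:
            flagged.add(src)
            alerts.append((ts, src, reached_by.get(src)))
        if src in flagged:            # remember who a flagged host touched
            for _, d in q:
                reached_by.setdefault(d, src)
    return alerts
```

On the constructed sample, `smb_fanout(parse(SAMPLE))` flags 10.0.0.5 as the start of a chain and 10.0.0.11 as a second hop reached by 10.0.0.5, while the workstation talking to a single file server and the HTTPS flow are ignored.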
Some helpful computer security advice
Experts advise users and businesses to keep their networks safe by practicing security hygiene, which plays a crucial role in preventing cyberattacks from being successful. It is also imperative to know how to lock down frequent attack vectors like RDP access to make sure your network is safe.
Another thing to look at would be backing up your files and storing them at a separate and secure location or device that is not connected to your main network, to reduce the chances of them being accessed at once.
With the recent surge of ransomware, IT teams and C-suites have only recently started to actively prevent and secure themselves against these kinds of attacks. A little bit of planning can also go a long way in preparing yourself to be protected from any malware.