The LockBit ransomware has launched a new series of attacks against employees of organizations in Taiwan, Italy, the United Kingdom and Chile. It offers a reward of millions of dollars for valid login credentials, representatives of Trend Micro reported.

This article was written for educational purposes only. We are not calling on anyone to do anything; it is for information purposes only! The author is not responsible for your actions.
Unlike the 2019 version, LockBit 2.0 targets Active Directory and automatically encrypts devices across all Windows domains. It is one of the fastest and most efficient data encryption methods, because it is multithreaded and only 4 KB of data per file is actually encrypted.
Several methods are used to connect to systems. A scanner searches the network for a domain controller. At the same time, command-line script files are used to disable security tools, enable RDP connections, delete event log entries, and block critical processes such as MySQL, QuickBooks, and Microsoft Exchange.
The main ransomware module then adds the suffix .lockbit to each encrypted file and places a ransom note in each encrypted directory. The desktop wallpaper is replaced with advertisements and instructions for paying the ransom.
As you can see, the ransomware not only demands the usual ransom for encrypted data but also recruits supporters. These backers must provide authentic RDP credentials that can be used to compromise corporate networks. The hackers supply their partners with the StealBit malware, which can automatically access and extract data.
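The behaviour described above (event logs cleared, then files renamed in bulk with the .lockbit suffix) can be turned into a simple detection rule. The following is an added example, not code from the article or from Trend Micro: the `time|host|event|detail` telemetry format, the event names, the sample lines and the window and threshold values are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SUFFIX = ".lockbit"              # file suffix named in the article
WINDOW = timedelta(seconds=60)   # assumed tuning value
THRESHOLD = 5                    # assumed tuning value, low to suit the sample

# Constructed telemetry in a hypothetical "time|host|event|detail" format.
SAMPLE = r"""
2021-08-20T10:00:00|ws-01|log_cleared|Security
2021-08-20T10:00:05|ws-01|file_rename|C:\share\q1.xlsx.lockbit
2021-08-20T10:00:06|ws-01|file_rename|C:\share\q2.xlsx.lockbit
2021-08-20T10:00:07|ws-01|file_rename|C:\share\q3.xlsx.LOCKBIT
2021-08-20T10:00:08|ws-02|file_rename|C:\tmp\notes.lockbit
2021-08-20T10:00:09|ws-01|file_rename|C:\share\q4.xlsx.lockbit
2021-08-20T10:00:10|ws-01|file_rename|C:\share\plan.docx
2021-08-20T10:00:11|ws-01|file_rename|C:\share\q5.xlsx.lockbit
2021-08-20T10:05:00|ws-02|file_rename|C:\tmp\todo.lockbit
""".strip().splitlines()

def parse(line):
    """Split one telemetry line into (timestamp, host, event kind, detail)."""
    ts, host, kind, detail = line.split("|", 3)
    return datetime.fromisoformat(ts), host, kind, detail

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one (host, alert_time, log_cleared_earlier) tuple per alerting host.

    Expects events in time order. A host alerts once `threshold` renames to
    the .lockbit suffix fall inside a sliding `window`.
    """
    recent = defaultdict(deque)  # host -> timestamps of recent suffix renames
    cleared = set()              # hosts that reported an event-log clear
    alerts = {}
    for line in lines:
        ts, host, kind, detail = parse(line)
        if kind == "log_cleared":
            cleared.add(host)
        elif kind == "file_rename" and detail.lower().endswith(SUFFIX):
            q = recent[host]
            q.append(ts)
            while ts - q[0] > window:   # drop renames older than the window
                q.popleft()
            if len(q) >= threshold and host not in alerts:
                alerts[host] = (host, ts, host in cleared)
    return list(alerts.values())

if __name__ == "__main__":
    for host, when, log_cleared in detect(SAMPLE):
        print(f"{when.isoformat()} {host}: burst of {SUFFIX} renames, "
              f"log cleared earlier: {log_cleared}")
```

A single rename to the suffix (as on `ws-02` in the sample) does not alert; the rate threshold is what separates bulk encryption from an isolated file, and the log-clear flag raises the priority of the alert.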