ACSC warns of steep rise in LockBit ransomware attacks

The Australian Cyber Security Centre (ACSC) has warned of an increase in attacks targeting Australian organisations using the LockBit ransomware.

In a threat advisory given a medium alert status, ACSC said it is aware of “numerous incidents” involving LockBit affiliates successfully deploying ransomware on corporate systems in Australia since 2020.

The LockBit ransomware as a service was updated in June to version 2.0 and allegedly bundled with a built-in information-stealing function known as ‘StealBit’, according to the advisory.

The majority of known victims in Australia have been reported after July, indicating a steep increase in threat activity.

LockBit attackers use the ‘double extortion’ technique involving both the conventional method of encrypting data as well as uploading stolen and sensitive victim information on the ‘LockBit 2.0’ dark net website and threatening to sell and/or release this information if ransom demands are not met.

Recently the ACSC has observed LockBit threat actors exploiting previously discovered vulnerabilities in the Fortinet FortiOS and FortiProxy products to gain their initial access to victim networks.

Attackers have successfully targeted corporate systems in a variety of sectors, including professional services, construction, manufacturing, retail and food. The ACSC warned that threat actors involved in ransomware activity are opportunistic in nature and are capable of victimising organisations in any sector.

Meanwhile, the operators behind the ransomware as a service have previously advertised partnership opportunities for threat actors that could provide credential-based accesses to Remote Desktop Protocol (RDP) and virtual private network (VPN) remote access solutions, giving them another attack vector.

Image credit: ©stock.adobe.com/au/pinkeyes