LockBit named nastiest malware of 2024

Information management specialist OpenText has named LockBit the nastiest malware of 2024. The ransomware software was recently used to attack a South Australian council.

LockBit is a Ransomware-as-a-Service (RaaS) threat that has proven resilient to attempts from law enforcement agencies such as the US Federal Bureau of Investigation (FBI) to take it down. It is the only RaaS threat not to rebrand after a law enforcement takedown. It is commonly used to attack public sector targets.

The FBI’s 2023 Internet Crime Report found that LockBit was reported in 175 attacks on critical infrastructure during the year.

Another top malware highlighted in the report known to have recently attacked Australian sectors and organisations is Akira, a malware targeting essential industries including healthcare, technology and finance.

Likewise RansomHub was recently responsible for releasing sensitive Australian data on the dark web following attacks on organisations including Kempe Engineering, McDowall Affleck and Hudson Civil Engineering.

Other malware in the 2024 ‘hall of infamy’ include Dark Angels, known for targeted, high-impact attacks on top tier targets; Redline, a malware known for stealing credentials and sensitive information; and Play Ransomware, which targets public and private sectors by seeking to exploit FortiOS vulnerabilities and Remote Desktop Protocol (RDP) servers.

OpenText EVP and Chief Product Officer Muhi Majzoub said these threats are an increasing problem for organisations worldwide.

“Ransomware attacks on critical infrastructure are on the rise, and cybercriminals are increasingly using artificial intelligence to develop highly personalised threats, which significantly endangers national security and public safety,” he said. “However, the increased attention on ransomware and cybersecurity is encouraging, as more organisations are proactively prioritising cybersecurity investments. This commitment highlights their dedication to safeguarding essential services from evolving threats.”

Majzoub cited Gartner predictions that organisations worldwide will increase their cybersecurity investments by 14.3% in 2024 to a combined total of more than US$215 billion ($325.06 billion) as they adapt to the evolving threat landscape.

Image credit: iStock.com/solarseven