LockBit Ransomware
09.05.2024
LockBit Ransomware
|
For Prelims: About LockBit Ransomware, How does LockBit Ransomware Work? Recent Attacks |
Why in the news?
Recently, the USA has indicted Russian national Dimitry Yuryevich Khoroshev and announced a $10 million reward for his alleged involvement with LockBit ransomware.
About LockBit Ransomware:
- It is malicious software designed to block user access to computer systems in exchange for a ransom payment.
- It was formerly known as “ABCD” ransomware, but it has since grown into a unique threat within the scope of extortion tools.
- It is a subclass of ransomware known as a ‘crypto virus’ due to forming its ransom requests around financial payment in exchange for decryption.
- It focuses mostly on enterprises and government organizations rather than individuals. It functions as ransomware as a service (RaaS). It is now working to create encryptors targeting Macs for the first time.
- LockBit’s primary targets were private enterprises and government organizations in the United States, China, India, Indonesia, Ukraine, and Europe with crypto as the form of demanded ransom.
- In 2019 and 2020, Windows systems in healthcare and financial institutions bore the brunt of LockBit attacks.
- The Ransomware group took a brief hiatus to work on their malware kit and to improve their operations.
How does LockBit Ransomware Work?
- It works as a self-spreading malware, not requiring additional instructions once it has successfully infiltrated a single device with access to an organizational intranet.
- It is also known to hide executable encryption files by disguising them in the PNG format, thereby avoiding detection by system defenses.
- Attackers use phishing tactics and other social engineering methods to impersonate trusted personnel or authorities to lure victims into sharing credentials.
- Once it has gained access, the ransomware prepares the system to release its encryption payload across as many devices as possible.
- It then disables security programs and other infrastructures that could permit system data recovery.
Recent Attacks of LockBit Ransomware
Maximum Industries: This manufacturer makes rocket parts for SpaceX. The LockBit gang boasted about stealing 3,000 proprietary schematics as well as other blueprints in an attack in mid-March 2023.
Essendant: A wholesale distributor of office goods had a significant cyber attack in March 2023. The LockBit group claimed responsibility on March 14.
Housing Authority of the City of Los Angeles (HACLA): The state-chartered agency providing affordable housing to low-income individuals and families for the City of Los Angeles, warned of a cyber incident that was later attributed to the LockBit ransomware group.
Aguas do Porto: A Portuguese municipal water utility company, Aguas do Porto, was hit by the ransomware group in February 2023. The company manages full water cycles inclusive of water supply and waste water drainage, public lighting and photovoltaic parks.
Royal Mail: In early January 2023, the LockBit ransomware group breached systems of UK’s leading mail delivery service, Royal Mail, that led to disruption of package deliveries.
Source: The Hindu
Consider the following statements:
Statement-I
LockBit Ransomware is malicious software designed to block user access to computer systems.
Statement-II
LockBit Ransomware only targets individuals and requests financial payment in exchange for decryption.
Which one of the following is correct in respect of the above statements?
A.Both Statement-I and Statement-II are correct, and Statement-II is the correct explanation for Statement-I.
B.Both Statement-I and Statement-II are correct, and Statement-II is not the correct explanation for Statement-I.
C.Statement-I is correct, but Statement-II is incorrect.
D.Statement-I is incorrect, but Statement-II is correct.
Answer C