In a security advisory released on Thursday, the Australian Cyber Security Centre (ACSC) warns of a rise in LockBit 2.0 ransomware attacks targeting Australian businesses beginning in July 2021.
The cybersecurity organization stated that reports on LockBit 2.0 ransomware attacks in Australia have increased.
Compared to other monitored ransomware versions, most of the victims ACSC identified have been recorded after July 2021. It shows a sudden and considerable rise in local victims, according to the report.
The agency has seen LockBit groups effectively distributing ransomware on corporate systems in a range of industries, such as manufacturing, retail and food, construction, and professional services.
ACSC said that cyberattack victims have also reported threats of stolen data when the operations are publicly released, which is a widely-used and well-known strategy of ransomware groups to compel its victims to pay the ransom.
ACSC also released a ransomware description, which includes targeted areas, first access indications, and mitigating methods for the LockBit group.
These malicious hackers are opportunistic, as per the report. They may threaten companies in any business sector. So, just because a sector is not on the list of affected industries does not mean the target of LockBit will not shift to another.
The ACSC offers LockBit TTP (Tactics, Techniques, and Procedures) specific mitigations. The 1300 CYBER1 hotline of the agency can be contacted by the victims of these growing ransomware attacks or those who require guidance.
LockBit has been highly active since its founding. Its members spread the RaaS and offer support on different hacker forums using the Russian language.
In September 2019, LockBit’s ransomware-as-a-service (RaaS) began operating, hiring cyberattackers to hack into systems and encrypted devices.
The ACSC’s notice suggests that LockBit has reached unprecedented activity levels. On the other side, the ransomware group is just now revving up its attacks again, as seen by the ID Ransomware entries, following fewer operations since January 2021.
After topics on ransomware were prohibited on hacking forums, LockBit introduced the LockBit 2.0 RaaS on their data leak website in June 2021.
Lockbit 2.0 was accompanied by new dark websites and additional functionality, such as automated device encryption through Active Directory group rules over Windows networks.
Moreover, the ransomware group is aiming to eliminate the mediators with LockBit 2.0. It will be done by hiring insiders who will supply them with a virtual private network (VPN) and remote desktop protocol (RDP) access to company systems.