Australians have become a target for different kinds of cyberattacks lately. The Australian Competition and Consumer Commission (ACCC) reported an 84% surge in identity theft scams, a 75% surge in phishing scams, and a significant increase in remote access scams in the country. Now the Australian Cyber Security Centre (ACSC) is warning about the rise in LockBit 2.0 ransomware operations in Australia.
The ACSC identified several victim organizations in Australia that have been impacted by LockBit 2.0 ransomware. Attackers successfully compromised organizations across multiple sectors, including construction, manufacturing, retail, food, and IT. LockBit operators are reportedly running double-extortion schemes: they post compromised sensitive victim data on their dark web site, LockBit 2.0, and threaten to expose the compromised data online if the ransom is not paid.
“The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020,” the ACSC said.
LockBit 2.0 aka ABCD
The LockBit ransomware variant, also known as LockBit 2.0 or ABCD, was detected in September 2019 as a Ransomware-as-a-Service (RaaS), enabling malicious affiliates to leverage it to exploit the networks of targeted victims.
The ACSC claimed that it has found LockBit operations on Russian-language cybercrime forums since January 2020. Attackers have been advertising the latest version of the LockBit RaaS as LockBit 2.0 since June 2021. The new LockBit 2.0 ransomware is bundled with a built-in information-stealing feature dubbed StealBit.
As per the ACSC’s findings, LockBit operators are actively exploiting the unpatched vulnerability CVE-2018-13379 in the Fortinet FortiOS and FortiProxy products to gain access to victim network systems. ACSC authorities urged organizations to perform serious risk assessments and take the necessary security precautions to secure their corporate networks against LockBit 2.0 ransomware. The mitigations include:
- Establish processes to identify, assess, and patch vulnerabilities affecting your organization.
- Enable multifactor authentication (MFA) for all user accounts, particularly privileged accounts.
- Educate users to reduce password re-use.
- Encrypt sensitive data at rest. Consider segmenting networks to separate sensitive data from corporate environments.
- Consider restricting access to web-based storage services from corporate networks.
LockBit ransomware has become prominent in the cybersecurity landscape with its advanced extortion techniques and attacks. Implementing the required cybersecurity measures will therefore help organizations defend against rising ransomware variants.