Today, the operations of ransomware gangs are often short-lived, especially if they end up making enough profit, just as the REvil Ransomware gang shut down after the Colonial Pipeline hack. However, some ransomware families have been around for over a year and are still actively seeking affiliates, now with the new LockBit 2.0 update. This ransomware emerged on the malware landscape in September 2019, when it was offered in a RaaS scheme. The operation has remained quite active since its launch, with representatives of the group behind the threat maintaining a presence in hacker forums.

When several prominent forums decided to distance themselves from ransomware schemes and banned discussions on such topics, LockBit switched to a newly created data breach site. There, the cybercriminals unveiled the next version of their menacing creation: LockBit 2.0, which would also be offered as RaaS. Version 2.0 boasts massively expanded malicious capabilities, with the hackers incorporating multiple features that previously emerged in other ransomware families.

Many file lockers focus only on encrypting the files on the infected machine and dropping the ransom message. However, high-profile threat actors like the one using LockBit 2.0 Ransomware will not be satisfied with this. That is why this file-encryption Trojan comes preloaded with special scripts that aim to manipulate Windows group policy settings.

By manipulating these settings, the ransomware tries to weaken the security measures imposed by Microsoft and make it possible to infect other devices on the same network. Of course, the entire process is much more complicated, but the end result is always the same: accessing files on various devices on the infected network.

A peculiar feature of the LockBit 2.0 Ransomware is the way it tries to deliver the ransom note. In addition to dropping the usual document, it also tries to access all the printers available on the network and print the ransom message on paper, similar to the method Egregor Ransomware used.

LockBit 2.0 is undoubtedly active and has been ever since its creation, so it is important to be prepared to face these threats. If you are unlucky enough to be infected, it is recommended not to pay or accede to their demands, because it is not certain that you will get your data back.
