Discovered by MalwareHunterTeam, LockBit is ransomware. Malicious software in this class is designed to encrypt data, and the cybercriminals behind the infection demand payment for decryption tools or software. During the encryption process, LockBit renames files with the extension “.abcd”. Afterwards, a text file named “Restore-My-Files.txt” is placed in each affected folder.

LockBit threatens its victims with publication of their data if payment is not made, and it also incorporates a new privilege escalation technique. Given how ransomware is evolving, other families are expected to adopt this new technique for bypassing Windows User Account Control. Until now, numerous families have been seen that were copies of existing ones; as Sophos explains, it has become incredibly easy to copy and deploy ransomware by making a few small modifications.

In most ransomware infections, decryption is impossible without the involvement of the malware developers. It may only be possible if the ransomware is still in development and/or has certain flaws or bugs. To prevent LockBit from encrypting further data, it should be removed. Unfortunately, removal will not restore data that has already been compromised. The only viable solution is to recover the files from a backup, provided it was made before the infection and stored in a separate location, which is why constant backups are so important.
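
To scope the damage before restoring, the following added example (not from the original article) walks a directory tree for the two indicators named above, the “.abcd” extension and the “Restore-My-Files.txt” note, and uses the oldest indicator timestamp to check whether a backup predates the infection. The function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from dataclasses import dataclass, field
from typing import Optional

NOTE_NAME = "restore-my-files.txt"  # ransom note name from the article
ENC_EXT = ".abcd"                   # appended extension from the article

@dataclass
class TriageReport:
    affected: dict = field(default_factory=dict)  # dir -> {"note", "encrypted"}
    earliest_mtime: Optional[float] = None        # oldest indicator timestamp

def scan(root):
    """Record every folder under root holding a ransom note or .abcd file."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):
        note, encrypted = False, 0
        for name in files:
            lower = name.lower()
            is_note, is_enc = lower == NOTE_NAME, lower.endswith(ENC_EXT)
            if not (is_note or is_enc):
                continue
            note = note or is_note
            encrypted += int(is_enc)
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable file: counted, but no timestamp
            if report.earliest_mtime is None or mtime < report.earliest_mtime:
                report.earliest_mtime = mtime
        if note or encrypted:
            report.affected[dirpath] = {"note": note, "encrypted": encrypted}
    return report

def backup_is_candidate(backup_epoch, report):
    """Assumption: mtimes are untampered, so this is an estimate, not proof.
    A backup qualifies only if taken before the oldest indicator appeared."""
    return report.earliest_mtime is None or backup_epoch < report.earliest_mtime

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    layout = {"docs/report.docx.abcd": 2000, "docs/Restore-My-Files.txt": 2100,
              "clean/notes.txt": 1000}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Run it against a mounted copy or image of the affected volume rather than the live system, so the scan itself does not disturb timestamps.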

This threat mainly spreads via Trojans, spam campaigns, cracking or illegal software activation tools, fake updates, and untrustworthy download channels. Apparently this is just the beginning for LockBit, and it may be constantly updated. That is why it is necessary to stay informed about threats of this type and be prepared, which applies not only to LockBit but also to the many other threats in circulation.

See also:
Clop – A dangerous encryption ransomware
Ragnar Locker – One of the most dangerous threats

