LockBit has been busy: in just the past month, it has claimed to have compromised 40 organisations, from a private school in Malaysia to a dental group in Sydney, helping it take the mantle of the most prolific ransomware gang in the world.
The group has already hit the City of London, ensnaring Kingfisher Insurance in October 2022.
But Royal Mail is its biggest target so far: a crucial part of the UK’s critical infrastructure that was suddenly left unable to send mail outside the British Isles.
As the UK’s Royal Mail grappled with the fallout of the ransomware attack, a purported member of the LockBit hacking group stepped forward to take credit for the mayhem.
The spotlight — both from rival hacking gangs and UK authorities — was finally on LockBit.
“Guys, you can calm down,” said the anonymous post, made in a private forum and shared with the Financial Times by a security researcher, as it revealed that a LockBit affiliate was behind the attack.
The hack, the post said, was carried out by an elite, top ten member of the sprawling LockBit gang, someone who specialised in the important jobs of decrypting and then deleting the stolen data after collecting the ransom.
Royal Mail, which is valued at £2.2 billion on the London stock market, has yet to officially confirm that LockBit breached its cyber defences, encrypted its data and is now holding it ransom.
The company declined to comment on whether it was negotiating with hackers, or how long it expects the disruption to last.
During a parliamentary hearing this week, Royal Mail chief executive Simon Thompson told MPs he had been informed “that to discuss any fine details . . . would actually be detrimental”.
The company is facing off against an evolved version of the ransomware threat — security researchers describe LockBit as the most professional, sleekly efficient gang in the world.
In the past year, the “founding fathers” of the group have taken advantage of the break-up of a rival to corner market share, released new versions of their malware (LockBit 3.0) that automate the most basic tasks, held marketing promotions, and given their targets frank advice on how to defend themselves (spend 10% of budget on cyber security, patch your computers and hire an outsider to test for weaknesses).
The group’s polished efficiency has caused havoc across the globe, with LockBit accounting for just over a quarter of all known ransomware attacks in 2022, according to the Israeli security firm CyberInt.
That is a harbinger of worse to come — now deeply entrenched in the ransomware business, the group is poised to become more ubiquitous. It has largely replaced the now-disbanded Russian Conti hackers who raked in about $3 billion in their 2020-2021 heyday, according to CyberInt estimates, before being betrayed by a Ukrainian insider who fell out with the group’s pro-Russian politics.
“LockBit manages themselves way better than a lot of legitimate companies — they are professional, they take care of their PR, they focus on their product, their business, they keep away from politics,” said Shmuel Gihon, a security researcher at CyberInt who has followed the group closely.
“They are presenting themselves as an organisation that can’t be ignored — at this scale, they will be everywhere, and there’s not much that can be done about it.”
The group works on a “Ransomware As a Service” model, renting out its malware and providing technical support to far-flung “affiliates” who do the time-consuming task of penetrating a target’s networks and planting the LockBit malware.
Around that time, senior members of the group step in, taking over the more complex tasks of infiltrating more secure areas of the target’s network, identifying the most crucial files to encrypt, and then coaching, and even running, the ransomware negotiations.
In the end, they take a commission, often as much as 20%.
The FBI estimates that LockBit has made more than $100 million in ransom demands, which security researchers say is likely an undercount — successful ransomware attacks are rarely made public, a fact that LockBit promotes as part of its allure, allowing corporations to avoid the embarrassment and scrutiny of having been hacked.
The post “Slick” – How LockBit became the world No.1 ransomware group appeared first on Payments Cards & Mobile.