Summary: The content discusses a recent incident involving the LockBit ransomware in West Africa, highlighting the persistent threat posed by this malware and its self-propagation capabilities.
Threat Actor: LockBit ransomware
Victim: Unspecified victim in West Africa
Key Points:
- Cybercriminals used stolen administrator credentials to deploy a customized variant of the LockBit ransomware with self-propagation capabilities.
- The incident highlights the ongoing risk posed by the leaked LockBit 3.0 builder, which allows attackers to create customized versions of the malware without advanced programming skills.
- The ransomware exhibits unprecedented features, including impersonation of system administrators and adaptive self-spreading across networks.
- It leverages highly privileged domain credentials to disable security measures, encrypt network shares, and erase event logs.
- The malware’s custom configuration files allow it to adapt to specific network environments, making it more evasive and challenging for cybersecurity professionals to detect and mitigate.
- The use of the SessionGopher script by attackers to extract saved passwords from affected systems was also uncovered.
- Kaspersky recommends implementing frequent backups, robust security solutions, and regular cybersecurity training to mitigate ransomware attacks.
A recent incident in West Africa has once again brought attention to the persistent threat posed by the LockBit ransomware.
Cybercriminals, armed with stolen administrator credentials, have deployed a customized variant of the encryption malware equipped with self-propagation capabilities.
Exploiting privileged access, they breached corporate infrastructure, demonstrating the ongoing risk posed by the leaked LockBit 3.0 builder, despite its previous exposure.
“The LockBit 3.0 builder was leaked in 2022, but attackers still actively use it to create customized versions – and it doesn’t even require advanced programming skills,” commented Cristian Souza, an incident response specialist at Kaspersky.
“This flexibility gives adversaries many opportunities to enhance the effectiveness of their attacks, as the recent case shows. It makes these kinds of attacks even more dangerous, considering the escalating frequency of corporate credential leaks.”
According to a new report by Kaspersky, the incident also highlights a concerning trend where attackers craft sophisticated ransomware capable of spreading autonomously within networks.
The malware variant, identified by the security firm, exhibits unprecedented features, including impersonation of system administrators and adaptive self-spreading across networks.
Leveraging highly privileged domain credentials, the ransomware can also turn off security measures, encrypt network shares and erase event logs to conceal its actions. Each infected host becomes a vector for further infection, amplifying the impact within the victim’s network.
Custom configuration files allow the malware to adapt to specific network environments, enhancing its efficacy and evasiveness. This flexibility, coupled with the ease of use of the leaked builder, presents significant challenges for cybersecurity professionals.
Kaspersky’s research also uncovered the use of the SessionGopher script by attackers to extract saved passwords from affected systems. While incidents lacking some advanced capabilities have been observed in various industries and regions, the geographical scope of attacks may be expanding.
According to the cybersecurity firm, international law enforcement’s recent takedown of the LockBit ransomware group underscores the collaborative efforts required to combat such threats.
To mitigate ransomware attacks, Kaspersky recommends implementing frequent backups, deploying robust security solutions and providing regular cybersecurity training to employees.
Source: https://www.infosecurity-magazine.com/news/lockbit-variant-self-spreading/