On Friday 4th of February 2022, the US Federal Bureau of Investigation (FBI) released a flash alert about indicators of compromise associated with LockBit 2.0 ransomware. The flash alert details the advances made in LockBit 2.0 since the LockBit ransomware gang became active in September 2019. LockBit 2.0 is the second iteration of the original LockBit ransomware and was released in June 2021 after the gang had been banned from posting on cybercrime forums. The second iteration included many advanced features, such as “the automatic encryption of devices across windows domains by abusing Active Directory group policies”. The alert also states that the gang had tried to recruit insiders at potential victims to establish initial access, promising them a portion of the proceeds of a successful attack. The gang was also observed developing Linux-based malware that would target vulnerabilities within VMware ESXi virtual machines.
No clear reason has been given for why this flash alert has been released now, although the FBI are asking admins and cybersecurity professionals to share any information on LockBit attacks with them.
“The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with the threat actors, Bitcoin wallet information, the decryptor file, and/or a benign sample of an encrypted file.” – US Federal Bureau of Investigation.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.