“FBI: Watch Out for LockBit 2.0 Ransomware, Here’s How to Reduce the Risk to Your Network.”
As the FBI warns us about the LockBit 2.0 ransomware, it is also urging us to use MFA and strong passwords for all admin and high-value accounts. The article mentions that Microsoft has found that 78% of organizations using Azure Active Directory do not have MFA enabled. If this is keeping an organization safe, why aren’t they using it?
LockBit 2.0 targets Windows PCs and Linux servers via bugs in VMware’s virtual machine.
LockBit’s operators use any method available to compromise a network, as long as it is successful. For example, the operators are buying access to already compromised networks from “access brokers,” exploiting unpatched software bugs, paying for insider access, and using exploits for previously unknown zero-day flaws. LockBit 2.0 identifies and collects an infected device’s hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. It then attempts to encrypt the data saved to any local or remote device but skips files associated with core system functions. Afterwards, it deletes itself from the disk and creates persistence at startup.
The FBI additionally recommends that companies segment their networks, investigate any abnormal activity, implement time-based access for accounts set at the admin level and higher, disable command-line and scripting activities and permissions, and maintain offline backups of data.
By: Victoria Zak