LockBit Ransomware Group now targeting macOS: Kaspersky



LockBit, a ransomware group known for its global targeting of businesses, has recently expanded its operations to include macOS, according to cybersecurity experts from Kaspersky. LockBit has gained infamy for its relentless attacks, causing significant financial and operational damage. The latest report by Kaspersky highlights LockBit’s determination to widen its reach and maximize the impact of its malicious activities.

Initially, LockBit operated without leak portals, double extortion tactics, or data exfiltration before encrypting victim data. However, the group has continually improved its infrastructure and security measures to defend against various threats, including attacks on its administration panels and disruptive distributed denial-of-service (DDoS) attacks.

Experts in the cybersecurity community have noticed that LockBit is incorporating code from other notorious ransomware groups such as BlackMatter and DarkSide. This strategic move not only streamlines operations for potential affiliates but also expands the range of attack vectors employed by LockBit. Recent findings from Kaspersky’s Threat Attribution Engine (KTAE) reveal that LockBit has integrated approximately 25 percent of code previously used by the now-defunct Conti ransomware gang, resulting in a new variant called LockBit Green.

In a significant breakthrough, Kaspersky researchers have discovered a ZIP file containing LockBit samples specifically designed for multiple architectures, including Apple M1, ARM v6, ARM v7, FreeBSD, and more. Through analysis and investigation using KTAE, they have confirmed that these samples originate from the LockBit Linux/ESXi version previously observed.

While certain samples, like the macOS variant, require additional configuration and lack proper signing, it is clear that LockBit is actively testing its ransomware on various platforms, signaling an imminent expansion of attacks. This development underscores the urgent need for robust cybersecurity measures across all platforms and heightened awareness within the business community.

Marc Rivero, a senior security researcher at Kaspersky’s Global Research and Analysis Team, emphasizes the severity of the threat posed by LockBit and similar ransomware groups. He advises organizations to reinforce their defenses, regularly update security systems, educate employees on cybersecurity best practices, and establish incident response protocols to effectively mitigate the risks.

To learn more about LockBit’s updated toolset, visit Securelist. Kaspersky recommends following its proposed rules to protect yourself and your business from ransomware attacks:

1. Keep all software updated on your devices to prevent attackers from exploiting vulnerabilities and infiltrating your network.

2. Focus your defense strategy on detecting lateral movement and data leaks to the internet. Pay attention to outgoing traffic to identify cybercriminal connections to your network. Set up offline backups that cannot be tampered with.

3. Activate ransomware protection on all endpoints. Kaspersky offers a free Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other malware types.

4. Install anti-APT and EDR solutions to enable advanced threat discovery, detection, investigation, and timely incident remediation. Provide your security operations center (SOC) team with access to the latest threat intelligence and regular professional training.

5. Gain access to the Kaspersky Threat Intelligence Portal, which provides up-to-date cyberattack data and insights collected by its team over the last two decades. Kaspersky is currently offering free access to this information to help businesses strengthen their defenses against evolving threats.

