The Australian Cyber Security Centre (ACSC) has warned about an increase in LockBit 2.0 ransomware attacks starting July 2021.
“ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia,” Australia’s cybersecurity agency said in a security alert issued on Thursday. “The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants.”
The agency also noted that victims of the ransomware are threatened with having their stolen data leaked online unless a ransom is paid.
The ACSC has observed that LockBit affiliates have successfully deployed ransomware on various corporate systems in sectors such as professional services, manufacturing, construction, retail, and food.
The agency also published additional information about the LockBit group, including initial access indicators and mitigation measures.
According to the agency, despite the recent focus on a few sectors, these actors could potentially target any industry. For instance, they could target banks or other financial institutions.
The ACSC said its mitigations focus on the LockBit TTPs (Tactics, Techniques, and Procedures) and include implementing multifactor authentication (MFA), restricting admin privileges, patching internet-facing Fortinet devices against the CVE-2018-13379 bug, performing daily backups, and blocking lateral movement and escalation attempts.
The LockBit ransomware gang started out in September 2019, recruiting threat actors to carry out attacks as part of its ransomware-as-a-service (RaaS) model. It has been very active since its launch, with various gangs promoting the RaaS on hacker forums, until the lull in its activities in January this year.
In June 2021, following a period of inactivity and after cybercrime forums banned ransomware topics, LockBit launched the LockBit 2.0 RaaS and renewed its attacks.
This relaunch saw new features added to the malware, such as the ability to automatically encrypt devices across Windows domains using Active Directory group policies.