Cyber Security Advisory
Lockbit 2.0 Ransomware Incidents in Australia
What is it?
Initially discovered in 2019, LockBit ransomware has targeted organizations across many industries worldwide. It is offered as Ransomware-as-a-Service (RaaS): affiliates deploy it however they choose and pay the LockBit operators a share of any ransom they extort as commission.
The ACSC (Australian Cyber Security Centre) reported that a number of Australian organizations have been impacted by the Lockbit 2.0 ransomware since 2020.
Who is at risk?
LockBit affiliates have successfully deployed the ransomware in a variety of sectors, including retail, manufacturing, construction, food and beverage (F&B), and professional services. The threat actors behind LockBit have proven opportunistic and are willing to target organizations in any sector that expose a vulnerable endpoint.
How does it work?
LockBit encrypts files on the systems it infects, leaving the organization's data locked and unusable. LockBit affiliates also use the 'double extortion' technique: before encrypting, they steal sensitive victim data and upload it to the group's dark web leak site, 'LockBit 2.0', threatening to sell and/or publish it if the ransom is not paid.
How can I protect myself?
Organizations that have been impacted by any ransomware attack should immediately contact Blackpanda’s expert ransomware response and negotiation specialists.
1. Stronger passwords:
Many of the most significant ransomware attacks began with weak or reused passwords that were guessed by brute force or bought from dark web breach dumps. Require all employees to use long passphrases (or randomly generated passwords) that mix symbols, numbers and upper/lower case letters, and that do not incorporate personal information such as names, addresses or birthdays. Passwords reused across services are what make breach dumps valuable to attackers, so each account should have its own.
2. Activate multi-factor authentication:
Require MFA on every access path into your environment, particularly remote access services such as VPNs, remote desktop, email and administrative portals. A second factor cannot be satisfied by a guessed or leaked password alone, so MFA sharply reduces the chance that a brute-force or credential-stuffing attack gives an attacker access to your data.
3. Adhere to the principle of least privilege:
The Principle of Least Privilege holds that every user, program or process should have only the minimum privileges needed to perform its function, and no more. In an IT environment, adhering to it limits what an attacker gains by compromising a low-level user account, device or application, because that foothold cannot by itself reach critical systems or sensitive data.
4. Sweep out old user accounts and passwords:
Audit the full list of current users and remove, or at minimum disable, accounts belonging to former staff, contractors and retired services, together with their passwords and any stored credentials, so that dormant identities cannot be used to reach your critical infrastructure.
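The following PowerShell script is an added example of how such a sweep can be run in an Active Directory environment; it is not code from the advisory or from Blackpanda. It assumes the RSAT ActiveDirectory module, an account permitted to read user objects and disable accounts, a 90-day inactivity threshold and a report path in the temp directory (all of these are assumptions to adjust to your own policy). It reports stale enabled accounts, flags any that still sit in privileged groups, stages them for disabling with -WhatIf so nothing changes until the report has been reviewed, and separately lists long-lived passwords set to never expire.

```powershell
# Added example (not from the advisory): find stale Active Directory accounts
# and stage them for disabling. Assumes the RSAT ActiveDirectory module and
# an account with rights to read user objects and disable accounts.
# The 90-day threshold and the report path are assumptions; tune them to policy.

Import-Module ActiveDirectory

$StaleDays  = 90
$Cutoff     = (Get-Date).AddDays(-$StaleDays)
$ReportPath = Join-Path $env:TEMP 'stale-accounts.csv'

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute,
# which can lag real logons by up to 14 days; that is acceptable for a
# "has not logged on in months" sweep.
$Users = Get-ADUser -Filter { Enabled -eq $true } `
    -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, whenCreated, MemberOf

$Stale = $Users | Where-Object {
    # Either never logged on but created long enough ago that it should have
    # been used by now, or last logon is older than the cutoff.
    (($null -eq $_.LastLogonDate) -and ($_.whenCreated -lt $Cutoff)) -or
    (($null -ne $_.LastLogonDate) -and ($_.LastLogonDate -lt $Cutoff))
}

$Report = $Stale | Select-Object SamAccountName, LastLogonDate, PasswordLastSet,
    PasswordNeverExpires, whenCreated,
    @{ Name = 'PrivilegedGroups'; Expression = {
        # Flag dormant accounts that still hold high-value group membership;
        # these are the ones to deal with first.
        ($_.MemberOf |
            Where-Object { $_ -match '^CN=(Domain Admins|Enterprise Admins|Administrators|Schema Admins),' } |
            ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ';'
    } }

$Report | Sort-Object LastLogonDate | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Stale enabled accounts: $(@($Report).Count) (report: $ReportPath)"

# Disable rather than delete first: disabling is reversible, keeps the SID and
# ACL history available for forensics, and lets you catch a mislabelled
# service account before something breaks. Remove -WhatIf only after the
# report has been reviewed.
foreach ($User in $Stale) {
    Set-ADUser -Identity $User `
        -Description "Disabled $(Get-Date -Format yyyy-MM-dd): inactive > $StaleDays days" -WhatIf
    Disable-ADAccount -Identity $User -WhatIf
}

# Separately list enabled accounts whose password never expires and has not
# been changed in over a year. These long-lived credentials are the ones most
# often found in breach dumps, so they need rotation or a managed alternative.
$Users |
    Where-Object { $_.PasswordNeverExpires -and $_.PasswordLastSet -lt (Get-Date).AddYears(-1) } |
    Select-Object SamAccountName, PasswordLastSet |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize
```

Run the script as written first; the -WhatIf switches make it a read-only report. Review the CSV, confirm that nothing listed is a service or break-glass account that simply does not log on interactively, then remove -WhatIf to disable the remaining accounts, and delete them only after a retention period your IR team is comfortable with.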
5. Update all software and security patches:
Software and security vendors release updates continuously to keep pace with newly discovered vulnerabilities and attacker techniques. Apply updates and security patches as soon as they are available, prioritizing internet-facing systems.
6. Back up your systems and data offline:
Keep strong, frequent backups, with at least one copy stored offline or otherwise out of reach of the production network, so that important files and systems can be recovered after an attack. Test restores regularly; a backup that cannot be restored offers no protection.
7. Implement an Endpoint Detection and Response (EDR) solution:
An EDR solution detects malicious activity on the endpoints inside your network so that you can respond as quickly as possible. EDR solutions like SentinelOne and cyber risk assessment tools like Pandarecon can better protect your environment from ransomware attacks and other threats.
8. Have a risk transfer solution and cyber IR plan in place:
Sophisticated ransomware can bypass the anti-virus and firewall protections offered by outdated cyber defence systems. Having a proper incident response (IR) plan in place, recurring compromise assessments, and comprehensive cyber insurance coverage helps your organization contend with the constantly evolving threats in the cyber landscape.
Learn more about how Blackpanda and Pandamatics Underwriting cyber insurance can help protect your organization and your clients.
- Learn more about Blackpanda Cyber Incident Response
- Learn more about Blackpanda Compromise Assessments