About LockBit Ransomware:
- It is malicious software designed to block user access to computer systems until a ransom is paid.
- It was formerly known as “ABCD” ransomware, but it has since grown into a unique threat within the scope of extortion tools.
- It is a subclass of ransomware known as a ‘crypto virus’ due to forming its ransom requests around financial payment in exchange for decryption.
- It focuses mostly on enterprises and government organizations rather than individuals.
- It functions as ransomware-as-a-service (RaaS). Willing parties put a deposit down for the use of custom for-hire attacks, and profit under an affiliate framework.
How does LockBit ransomware work?
- It is self-spreading malware: once it has infiltrated a single device with access to an organisational intranet, it requires no additional instructions.
- It is also known to hide executable encryption files by disguising them in the .PNG format, thereby avoiding detection by system defences.
- Attackers use phishing tactics and other social engineering methods to impersonate trusted personnel or authorities to lure victims into sharing credentials.
- Once it has gained access, the ransomware prepares the system to release its encryption payload across as many devices as possible.
- It then disables security programs and other infrastructure that could permit system data recovery.
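
The .PNG disguise described above can be checked for by comparing a file's extension with its leading bytes. The following is an added defensive example, not code from the original page; it assumes the disguise is an executable saved under a .png name, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # 8-byte signature every valid PNG starts with
EXECUTABLE_MAGICS = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}

def classify_png(path):
    """Return 'png', 'executable: <kind>' or 'mismatch' for a file named *.png."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head == PNG_MAGIC:
        return "png"
    for magic, kind in EXECUTABLE_MAGICS.items():
        if head.startswith(magic):
            return f"executable: {kind}"
    return "mismatch"

def find_disguised_pngs(root):
    """Walk root and return {path: verdict} for .png files that are not real PNGs."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".png"):
                full = os.path.join(dirpath, name)
                try:
                    verdict = classify_png(full)
                except OSError:
                    verdict = "unreadable"
                if verdict != "png":
                    findings[full] = verdict
    return findings

def demo():
    """Build constructed sample files in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "logo.png": PNG_MAGIC + b"\x00" * 16,         # constructed: genuine PNG header
            "invoice.png": b"MZ\x90\x00" + b"\x00" * 16,  # constructed: PE header, .png name
            "notes.PNG": b"plain text, wrong extension",  # constructed: neither PNG nor executable
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        found = find_disguised_pngs(root)
        return {os.path.basename(p): v for p, v in found.items()}

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(name, "->", verdict)
```

A header check only catches a wrong extension; a payload appended to or embedded inside a valid PNG passes it and needs content inspection by other tooling.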