Organizations are at ever-increasing risk of being targeted by ransomware attacks. Their ransomware readiness is tested every day by new gangs and threat actors that look for vulnerabilities and steal data. The infamous LockBit ransomware claimed a new victim this month. According to a report, LockBit operators threatened SpaceX, a leading aerospace technology company, with irreversible damage if it fails to pay the ransom. In a similar security incident, the Housing Authority of the City of Los Angeles (HACLA) attributed a data breach and leak that happened in December 2022 to the LockBit ransomware gang.
What is LockBit ransomware?
According to Kaspersky, LockBit ransomware is self-piloted malicious software unlike anything previously seen in IT security. It systematically blocks user access to computer systems: it targets victims with precision, locks down the IT systems and demands a ransom to make them accessible again. Ransomware gangs leave victims vulnerable by infecting their computer networks with malicious code that spreads so quickly that there is often no option but to shut down the systems completely and pay the ransom. The attackers not only extort money but also blackmail victims into making further payments to avoid repeated attacks on the IT assets exposed to the gang. LockBit can do more damage to an organization than previously thought.
In an email conversation, leading cybersecurity experts shared their insights on the current state of ransomware attacks and how organizations can prepare against LockBit-like attacks. The panel of experts includes:
- Etay Maor, Senior Director of Security Strategy at Cato Networks
- Erfan Shadabi, cybersecurity expert with data security specialists comforte AG
- Rebecca Moody, Head of Data Research at Comparitech
LockBit Doesn’t Attack! It Hacks into Your System
“LockBit are a very well-known ransomware group which appeared on the scene in early 2022. The group is likely a continuation of the Conti ransomware group, Russian in origin, with a very high profile. They have targeted many organizations across multiple countries (excluding Russia of course) and maintain a high level of OPSEC (Operational Security) while also engaging in RaaS (Ransomware as a Service).
In many cases ransomware groups obtain credentials, or third-party credentials, to the network they want to target. Simply put, they don’t hack the networks, they log in!
These types of credentials can be obtained in multiple ways: they can be bought in criminal forums, they can be found in databases of breaches that were already published, they can be phished, they can be collected via malware infection, they can be obtained by social engineering, or they can be obtained from an insider.
Organizations today try to prevent attacks by buying more and more point solutions. Small to medium organizations have roughly 20-40 security products, while large organizations have over 60. What these organizations end up with are endless integration projects, patching issues, management complexity, alert fatigue and more. Organizations need to understand that an attack such as a ransomware attack should be viewed and dealt with holistically. Trying to deal with these threats using on-prem point solutions is futile. The right approach is applying a multiple-choke-point approach across the entire attack path, using a system that incorporates all the security products under one roof and allows these solutions to enrich and share data. Such an architecture comes in the form of a single-pass cloud-based solution (such as a SASE architecture), rather than the multiple-pass, fragmented, on-prem approach we still see today.”
Take Control of Your Enterprise Data with Innovative Thinking and Predictive Planning
“The situation that SpaceX finds itself in highlights a peripheral danger in leaked or stolen enterprise data—the threat of intellectual property and other proprietary information falling into the wrong hands. Most businesses are rightly concerned first and foremost with maintaining data privacy and security with regard to their customers’ data. Yet hackers want to know more about the targeted companies themselves: knowledge such as trade secrets, corporate strategies, inventions, and any other bits of sensitive information which would create leverage in a ransom and blackmail situation. So, while companies look to protect their intellectual data in the best ways possible, with data-centric methods such as tokenization or format-preserving encryption, they also need to apply those controls to sensitive data about themselves. We all know that a company’s most valuable asset is data, and that includes data about what they themselves are doing and bringing to market.”
Rebecca Moody, Head of Data Research at Comparitech added, “We are seeing an increasing number of organizations being threatened with the publication of data stolen by ransomware groups. As more companies try to avoid paying ransoms, hackers appear to be upping the ante with their threats to publish data, which is sometimes incredibly sensitive in nature.
While businesses should be applauded for not giving in to the extortion tactics made by hackers, the growing amount of data being published by hackers is of great concern. Not only does it put people at risk of identity theft but, as we have seen in the recent case against Lehigh Valley Health Network where naked images of patients were uploaded, hackers will seemingly stop at nothing to try and secure their ransom demands. How organizations limit the damage caused by the publication of data, e.g. with substantial identity theft protection and in-depth advice for consumers, is crucial.
So far this year we have recorded 47 publicly confirmed ransomware attacks against U.S. organizations. This has affected more than 1.1 million records with the average ransom demand being $4.2 million.”