National Cyber Warfare Foundation (NCWF) Forums


Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide


0 user ratings
2024-04-15 19:41:44
milo
Red Team (CNA)

 - archive -- 

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide. This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets. The findings come from the researcher’s analysis of the leaked LockBit 3.0 builder, which first […]


The post Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide.





This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets.





The findings come from the researcher’s analysis of the leaked LockBit 3.0 builder, which first surfaced on underground forums in 2022.





This builder enables criminals to generate customized versions of the ransomware by configuring options like network spreading capabilities and defenses to disable.





“The leaked builder has significantly simplified the process of creating tailored ransomware variants,” stated Dmitry Bestuzhev, Director of Kaspersky’s Global Research and Analysis Team. “This opens up a new level of danger, especially if the attackers can obtain privileged credentials within the targeted network.”





Customized Attack Leaves Trail of Destruction





In one alarming incident response case, investigators found that the attackers had managed to steal plain text administrator credentials.





They then used the LockBit builder to generate a customized ransomware variant capable of spreading rapidly across the network using these stolen privileges.





LockBit builder files




The customized malware killed Windows Defender protections and erased event logs to cover its tracks before encrypting data across the compromised systems. Bestuzhev called it “a precision strike intended to maximize damage and cripple the victim.”





Researchers have identified similar customized LockBit attacks across Russia, Italy, Guinea-Bissau, and Chile in recent months. While most relied on default or slightly modified configurations, the incident involving stolen credentials demonstrates the potential devastation.





Custom configuration




“We expect this trend to accelerate as more threat groups obtain access to the LockBit builder,” warned Bestuzhev. “Tailoring malware for specific targets makes attacks exponentially more potent.”





Calls for Increased Defensive Measures





The findings have cybersecurity experts urging organizations to enhance their defensive posture and incident response preparedness radically. Implementing multi-factor authentication, promptly installing patches, and maintaining strict credential hygiene policies are critical.





“The ability for criminals to customize ransomware strains to bypass existing protections is a gamechanger,” said Emily Pycroft, CEO of CyberSec Consultants in London. “Defending against these advanced threats requires a new mindset and proactive measures.”





As LockBit 3.0 continues spreading, the cybersecurity community is bracing for an escalation in high-impact, targeted ransomware attacks tailored to punch holes through organizational defenses. Rapid action may be necessary to stay ahead of the evolving threat.





Indicators of compromise





Host-based:






  • 8138f1af1dc51cde924aa2360f12d650




  • decd6b94792a22119e1b5a1ed99e8961





Network-based:






  • update.centos-yum[.]com (199.231.211[.]19)





Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.


The post Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/hacker-customize-lockbit-3-0-ransomware-to-attack-orgs-worldwide/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.