Context: Cybercriminals have developed new LockBit ransomware designed to target macOS devices, making this the first major ransomware operation to specifically target Apple computers (both older Macs and newer ones running on Apple Silicon).
About LockBit ransomware
- It was first reported in September 2019 and dubbed the “abcd” virus, due to the file extension used when encrypting victims’ files.
- The LockBit ransomware is designed to infiltrate victims’ systems and encrypt important files.
- The virus is categorised as a “crypto virus” due to its requests for payment in cryptocurrency to decrypt the files on the victim’s device.
- The LockBit gang operates on the ransomware-as-a-service (RaaS) model and comes from a line of extortion cyberattacks.
- In this model, willing parties put down a deposit for use in a custom attack and make profits through the ransom payment.
- The ransom is divided between the LockBit developer team and attacking affiliates.
- The gang behind the LockBit ransomware reportedly maintains a dark web portal to recruit members and release data of victims who refuse to meet their demands, as part of their business model.
How does LockBit ransomware work?
- It works as a self-spreading malware, not requiring additional instructions once it has successfully infiltrated a single device with access to an organisational intranet.
- It is also known to hide executable encryption files by disguising them in the .PNG format, thereby avoiding detection by system defences.
- Attackers use phishing tactics and other social engineering methods to impersonate trusted personnel or authorities to lure victims into sharing credentials.
- The ransomware places an encryption lock on all system files, which can only be unlocked via a custom key created by the LockBit gang. The process leaves behind a ransom note, with instructions to restore the system, and has reportedly also included threatening blackmail messages.
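The .PNG disguise described above can be checked for by comparing a file's name with its actual bytes. The following is an added example, not part of the original article: it flags `.png` files that start with an executable magic number or carry data after the PNG `IEND` chunk. The trailing-data check goes beyond what the article states, and all function names and sample bytes are constructed for illustration.

```python
import os
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Magic numbers of common executable formats.
EXEC_MAGICS = {
    b"MZ": "PE",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal (or Java class)",
}

def exec_format(data):
    """Name the executable format whose magic starts `data`, else None."""
    return next((n for m, n in EXEC_MAGICS.items() if data.startswith(m)), None)

def inspect_png_named(data):
    """Verdict for the bytes of a file whose name ends in .png."""
    if not data.startswith(PNG_SIG):
        return "mismatch: " + (exec_format(data) or "not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        # Each chunk: 4-byte big-endian length, 4-byte type, data, 4-byte CRC.
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length
        if ctype == b"IEND" and pos <= len(data):
            trailer = data[pos:]
            if not trailer:
                return "ok"
            return "trailing data: " + (exec_format(trailer) or "unknown")
    return "truncated PNG"

def scan(root):
    """Return (path, verdict) for every suspicious *.png under root."""
    hits = []
    for folder, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".png"):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    verdict = inspect_png_named(fh.read())
                if verdict != "ok":
                    hits.append((path, verdict))
    return sorted(hits)

def chunk(ctype, body=b""):
    """Build one PNG chunk (used only for the constructed sample below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: a minimal PNG skeleton (IHDR + IEND only).
SAMPLE_PNG = PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + chunk(b"IEND")
```

A hit from `scan` means the file's content does not match its `.png` name and should be triaged; it does not by itself identify LockBit.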
Incidents of attacks
- Earlier in January 2023, the LockBit gang was reportedly behind a cyber-attack on the U.K. postal services, causing international shipping to grind to a halt.
- In the past, LockBit ransomware has been used to target enterprises and organisations in the U.S., China, India, Ukraine, and Indonesia. Attacks have also been recorded throughout Europe, including in France, Germany, and the U.K.