Behind the huge hue and cry regarding ransomware attacks are the gangs that make them happen. These gangs have been marauding the cyber world, set apart by sector expertise, such as finance, or by the way (signature) in which they perpetrate an attack. Lazarus, a North Korean hacking group, shook the world. The capability to use different malware every time to evade recognition by cyber security researchers and investigators is one of their concerns. Close on the heels of Lazarus, we had REvil devastating the world. LockBit is making waves now.
Much like standard software products, these attack tools keep improving, to the point of being assigned version numbers. Today we have LockBit 3.0. Evolution is necessary to stay at the top. There is cut-throat competition in every field. Attacks at their best. LockBit has become the most commonly encountered ransomware family, accounting for 40% of all attacks. This figure is based on attacks detected by NCC Group, a cyber security firm, for the month of May 2022. The Italian Revenue Agency became the latest victim of LockBit. The group has claimed to have encrypted and exfiltrated 78 gigabytes of files.
This attack seems to have been conducted with the new version of the malware. Just before the attack, the infamous ransomware group debuted an improved version of the malware, featuring parts from Egregor and BlackMatter. Reverse engineering of the latest ransomware executables has found that the developers have added capabilities from other attack tools. They are working actively to improve LockBit’s anti-analysis capabilities. The newly debuted LockBit 3.0 is intended to offset better defenses, greater scrutiny and competition from rival gangs.
Whether it is law enforcement pressure or defenders getting better, we are seeing them evolve, forced to get better at what they do. They have to keep up with the dark web Joneses. The new version enumerates available APIs. The lethal potential of malware and ransomware is supplementing the conventional war arsenal. Following Russia’s invasion of Ukraine, these ransomware groups have committed to supporting Russia. They are increasingly getting requests to conduct operations against nation-state targets. How do we differentiate between state and non-state? It is the same war effort. Cyber security is fully enmeshed with our lives.
WITH VERSION CONTROL, SO TO SAY, RANSOMWARE HAS MOVED ON TO A DIFFERENT LEVEL.