LockBit Ransomware Group Expands Operations, Targets macOS Systems

by Brian Yatich

LockBit, one of the world’s most notorious ransomware groups, has recently expanded its attacks to target macOS systems, according to cybersecurity experts at Kaspersky.

Known for its relentless attacks on businesses worldwide, LockBit has upgraded its capabilities to maximize the impact of its malicious activities.

Previously, LockBit operated without leak portals, double extortion tactics, or data exfiltration, but it has continuously improved its infrastructure and security measures to fend off various threats.

Analysts have observed that LockBit is now incorporating code from other well-known ransomware groups like BlackMatter and DarkSide. This strategic move not only streamlines its operations but also expands the range of attack vectors employed by LockBit.

Kaspersky’s Threat Attribution Engine (KTAE) has discovered that LockBit has integrated around 25% of the code previously utilized by the now-defunct Conti ransomware gang, resulting in a new variant called LockBit Green.

In a significant finding, Kaspersky researchers have discovered a ZIP file containing LockBit samples specifically designed for multiple architectures, including Apple M1, ARM v6, ARM v7, FreeBSD, and more.

Through analysis and investigation, they have confirmed that these samples originate from the LockBit Linux/ESXi version seen in the past.

Although some samples, like the macOS variant, require additional configuration and lack proper signing, it is evident that LockBit is actively testing its ransomware on various platforms, indicating an imminent expansion of its attacks.

This development highlights the urgent need for robust cybersecurity measures across all platforms and increased awareness within the business community.

LockBit’s continual infrastructure enhancements, combined with the adoption of code from other ransomware groups, present a significant and evolving threat to organizations in various industries.

To mitigate these risks, businesses must reinforce their defenses, regularly update security systems, educate employees on cybersecurity best practices, and establish incident response protocols. This advice comes from Marc Rivero, a senior security researcher at Kaspersky’s Global Research and Analysis Team.

To protect yourself and your business from ransomware attacks, Kaspersky suggests following these rules:

1. Keep all software updated on your devices to prevent vulnerabilities from being exploited.

2. Focus on detecting lateral movements and data leaks to the Internet. Monitor outgoing traffic to identify cybercriminals’ connections to your network. Set up offline backups that cannot be compromised.

3. Activate ransomware protection on all endpoints. Consider using Kaspersky Anti-Ransomware Tool for Business, which shields computers and servers from ransomware and other malware, prevents exploits, and works alongside existing security solutions.

4. Install anti-APT and EDR solutions to enable advanced threat discovery, detection, investigation, and timely incident remediation. Provide your Security Operations Center (SOC) team with access to the latest threat intelligence and regular professional training. Kaspersky Expert Security offers all of these capabilities.

5. Grant your SOC team access to the latest threat intelligence through the Kaspersky Threat Intelligence Portal. This portal provides you with cyberattack data and insights collected by Kaspersky over the past 20 years. To help businesses bolster their defenses, Kaspersky is offering free access to continuously updated, globally sourced information on current cyberattacks and threats. To request access to this offer, go here.
