Lockbit ransomware on the rise

[ad_1]

Global consulting firm Accenture was recently hit by a ransomware attack that was allegedly carried by the ransomware group, LockBit.

In response, SKOUT Managed XDR (now a Barracuda offering) has updated their threat intelligence to include key indicators of compromised and developed custom rules to detect LockBit ransomware.

Technical detail on Lockbit

What is the threat?

LockBit ransomware is a malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically scan for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations.

Why is it noteworthy?

The cyber intelligence firm Cyble reported that LockBit 2.0 sought a $50 million ransom for six terabytes of data that they were able to retrieve from Accenture. Cybercrime intelligence company Hudson Rock reported that 2,500 computers of employees and partners were compromised.

What is the exposure or risk

Regarding this current attack on Accenture, the ransomware group claims to have an inside agent that is still currently working within the company. Although it is likely a scare tactic, standard security procedures such as “least privilege” become even more imperative to follow to shrink attack vectors.

What are the recommendations?

We recommend that IT professionals reassess and simplify user account permissions as well as clean out outdated and unused accounts. In addition, having system wide backups and clean local machine images prepared can be crucial in the event of an attack.

References

For more in-depth information about the recommendations, please visit the following links:

For more info on how to best prepare your MSP business to protect clients from cyberthreats, visit the Barracuda SKOUT Managed XDR page.

Photo: Pattysan / Shutterstock