On December 19, 2024, the purported administrator of LockBit posted a provocative message on the group’s dark web leak site, teasing the release of a new version of the ransomware.
“Want a lamborghini, a ferrari and lots of ti**y girls? Sign up and start your pentester billionaire journey in 5 minutes with us”, writes LockBitSupp in the post[1], setting a February 3 deadline for criminals to join the operation. Although it sounds innocuous, this post should be taken seriously.
What is LockBit?
LockBit is a group that operates a Ransomware-as-a-Service model, providing affiliates with tools to launch ransomware attacks in exchange for a share of their profits. The ransomware encrypts victims’ files and demands substantial payments for the decryption keys. Failure to pay the ransom results in the victims’ files being leaked on LockBit’s leak site. LockBit is believed to have generated revenues in the multi-billion dollar range[2].
Despite the operation’s websites being taken down by international law enforcement agencies, including the NCA and Europol, as part of Operation Cronos in February 2024, some of the alleged developers of LockBit could not be arrested, and the operation kept running, albeit at a smaller scale.
What could this new version mean?
Trend Micro gained access to a “work in progress” build of LockBit 4.0 recovered by law enforcement during Operation Cronos. This new version of the ransomware reportedly supports three encryption modes:
- Fast: encrypts only the first 4 KB of each file
- Intermittent: encrypts only a certain percentage of each file
- Full: encrypts the entire file.
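Partial encryption matters for defenders because a file that is only partly encrypted still looks mostly normal to a byte-count or extension check, while the encrypted 4 KB blocks stand out by their entropy. The following added example (not Trend Micro’s or the blog’s code) scores a file block by block with Shannon entropy and maps the pattern of high-entropy blocks onto the three reported modes; the 7.5 bits/byte threshold, the 4 KB block size and the sample files are assumptions made for the illustration, and pseudo-random bytes stand in for ciphertext.

```python
import math
import random
from collections import Counter

CHUNK = 4096  # 4 KB blocks; the leaked build's "fast" mode reportedly encrypts only the first 4 KB

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or random data, usually 4 to 6 for text and documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chunk_flags(data: bytes, threshold: float = 7.5) -> list:
    """One flag per 4 KB block, True where the block looks encrypted.
    A trailing fragment under 2 KB is skipped: too few bytes for a stable entropy estimate."""
    return [shannon_entropy(data[i:i + CHUNK]) >= threshold
            for i in range(0, len(data), CHUNK) if len(data) - i >= CHUNK // 2]

def classify(data: bytes) -> str:
    """Map the pattern of high-entropy blocks onto the three modes described above."""
    flags = chunk_flags(data)
    if not any(flags):
        return "plaintext"
    if all(flags):
        return "full"          # every block encrypted
    if flags[0] and not any(flags[1:]):
        return "fast"          # only the first 4 KB encrypted, remainder intact
    return "intermittent"      # scattered encrypted blocks, rest intact

def build_sample(mode: str, blocks: int = 16, seed: int = 7) -> bytes:
    """Constructed test file: a repeated text body in which selected 4 KB blocks are
    overwritten with pseudo-random bytes standing in for ciphertext (no cipher is used)."""
    rng = random.Random(seed)
    body = bytearray((b"Quarterly report, draft 3. Revenue grew in all regions.\n" * 2000)[:blocks * CHUNK])
    targets = {"full": range(blocks), "fast": [0], "intermittent": range(0, blocks, 3)}.get(mode, [])
    for i in targets:
        body[i * CHUNK:(i + 1) * CHUNK] = bytes(rng.getrandbits(8) for _ in range(CHUNK))
    return bytes(body)

if __name__ == "__main__":
    for mode in ("plaintext", "fast", "intermittent", "full"):
        print(f"{mode:13s} -> {classify(build_sample(mode))}")
```

Entropy alone gives false positives on legitimately compressed or encrypted formats (archives, media, encrypted containers), so in practice a result like this is one signal to combine with file-type checks, write-rate monitoring and canary files rather than a verdict on its own.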
However, given how little is known, the LockBit 4.0 teaser could also be a marketing ploy or an attempt to instill fear in companies around the world.
How to protect yourself
Although it is still unclear what will happen on February 3, it is never too early or too late to safeguard against potential threats. Here is how to strengthen your defenses against this type of threat:
- Keep your operating systems, software and firmware updated.
- Require phishing-resistant multi-factor authentication, not SMS-based codes.
- Organize awareness campaigns to educate users to recognize and report phishing attempts.
- Perform risk assessments and review your action plans.
- Regularly review and test your backups and backup processes.
Malware-as-a-service is now considered the biggest threat to companies around the globe[3]. Taking the steps above will help ensure your company stays safe from LockBit and similarly designed ransomware.
If you are unsure where to start, get in touch with us here.
Sources:
[1] https://x.com/Ransom_DB/status/1869618606360682990
[2] https://cybernews.com/news/lockbits-ransomware-billions-damages/
[3] https://www.infosecurity-magazine.com/news/malware-service-top-threat/