An evolved LockBit variant emerges

• Kaspersky, a cybersecurity company, found a new version of LockBit ransomware that’s different from the original. This one tells you upfront how much money you need to pay to get your files back.
• Since a version of LockBit got leaked, there are now hundreds of similar ransomwares out there, and some don’t even mention they’re based on LockBit. Some people seem to be rushing to make these or not putting much effort into changing them.
• LockBit is really dangerous; it has stolen about $91 million just from people in the U.S. since 2020. Last year, 16% of all the attacks from this kind of ransomware targeted local governments and public services like schools.

Kaspersky’s cybersecurity team recently flagged a distinct LockBit variant targeting an undisclosed organization. This new strain comes courtesy of a group dubbing itself NATIONAL HAZARD AGENCY, and it departs from the original LockBit 3.0 in its approach to ransom demands.

ADVERTISEMENT

Typically, LockBit ransomware operates through an exclusive platform where it communicates ambiguously with its victims, avoiding explicit ransom amounts. However, this new version by NATIONAL HAZARD AGENCY sets itself apart by being upfront about the exact sum required for decryption. Instead of relying on a bespoke platform for negotiations, the group instructed victims to use a Tox service and email as channels for communication.

Dangers of the LockBit 3.0

The ripple effect of the LockBit 3.0 ransomware builder leak is vast, spawning an array of customized ransomware variations. According to data from Kaspersky, nearly 400 unique samples of LockBit ransomware have been identified, with a significant 312 crafted using the leaked builder. Interestingly, at least 77 of these samples have gone so far as to omit any mention of LockBit in their ransom notes, seemingly severing ties with the original code.

“Many of the detected parameters correspond to the default configuration of the builder, only some contain minor changes,” observed the cybersecurity researchers, suggesting that some attackers may be either hurriedly deploying the ransomware or simply cutting corners.

LockBit’s status as a formidable threat in the ransomware arena was recently corroborated by a joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and cybersecurity agencies from several other nations including Australia, Canada, and the United Kingdom.

The advisory noted that LockBit was responsible for extorting around $91 million from U.S. targets alone since 2020. Over the last three years, the group infiltrated about 1,700 U.S. organizations. Data from the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that 16% of all attacks last year targeted State, Local, and Tribunal (SLTT) governments, spotlighting a vulnerability among public entities such as municipalities, schools, and public service organizations.

Advertisement