Tag: lockbit
LockBit Ransomware Samples For Apple Macs Hint At New Risks For MacOS Users
Researchers say the LockBit Mac ransomware appears to be more of a first foray than anything that’s fully functional and ready to be used. But the tinkering could indicate future plans, especially given that more businesses and institutions have been incorporating Macs, which could make it more appealing for ransomware attackers to invest time and resources so they can target Apple computers. “It’s unsurprising but concerning that a large and successful ransomware group has now set their sights on macOS,” says longtime Mac security researcher and Objective-See Foundation founder Patrick Wardle. “It would be naive to assume that LockBit won’t improve and iterate on this ransomware, potentially creating a more effective and destructive version.”
For now, Wardle notes that LockBit’s macOS encryptors seem to be in a very early phase and still have fundamental development issues like crashing on launch. And to create truly effective attack tools, LockBit will need to figure out how to circumvent macOS protections, including validity checks that Apple has added in recent years for running new software on Macs. “In some sense, Apple is ahead of the threat, as recent versions of macOS ship with a myriad of built-in security mechanisms aimed to directly thwart, or at least reduce the impact of, ransomware attacks,” Wardle says. “However, well-funded ransomware groups will continue to evolve their malicious creations.”
Security researchers find LockBit ransomware can target macOS devices
One of the most notorious ransomware gangs appears to have recently begun targeting Mac computers for the first time. In a series of tweets spotted by 9to5Mac, a group of security researchers known as the MalwareHunterTeam said on Saturday they recently found evidence of a LockBit ransomware build designed to compromise macOS devices. As far as the group is aware, Saturday’s announcement marks the first public notice that LockBit’s ransomware could be used against Apple computers, though it appears the gang has offered that capability since last fall.
“locker_Apple_M1_64”: 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
As much as I can tell, this is the first Apple’s Mac devices targeting build of LockBit ransomware sample seen…
Also is this a first for the “big name” gangs?
🤔 @patrickwardle
cc @cyb3rops pic.twitter.com/SMuN3Rmodl
— MalwareHunterTeam (@malwrhunterteam) April 15, 2023
“I think this is the first time one of the major ransomware players has taken aim at Apple’s OS,” security analyst Brett Callow said, pointing to the significance of the disclosure. As 9to5Mac notes, the LockBit gang has historically focused on Windows, Linux and virtual host machines. The reason is that those operating systems are overwhelmingly used by the businesses the group’s partners target. For those who don’t know, the LockBit gang runs what’s known as a “ransomware-as-a-service” operation. The group doesn’t directly involve itself in the business of extracting ransoms from businesses. What it does do is build and maintain the malware affiliates can pay to use against an organization. According to an indictment the US Department of Justice unsealed last fall, LockBit is “one of the most active and destructive ransomware variants in the world.” As of late 2022, the software has infected the computer systems of at least 1,000 victims, including a Holiday Inn hotel in Turkey. It’s believed the gang’s partners have claimed tens of millions of dollars from victims.
This article originally appeared on Engadget at https://www.engadget.com/security-researchers-find-lockbit-ransomware-can-target-macos-devices-164446912.html?src=rss
The Unrelenting Menace of the LockBit Ransomware Gang
LockBit ransomware gang apologizes for SickKids hospital attack and offers free decryptor
One of the world’s most notorious ransomware gangs has issued a rare apology after claiming that one of its partners was responsible for a cyberattack on Canada’s largest pediatric hospital. On December 18th, the Hospital for Sick Children (SickKids) in Toronto fell victim to a ransomware attack that left the institution unable to access many of its critical systems. The incident led to an increase in patient wait times. As of December 29th, SickKids said it had regained access to almost 50 percent of its priority systems, including those that had caused diagnostic and treatment delays.
SickKids is aware of a statement from a ransomware group offering a decryptor to restore systems impacted by the cybersecurity incident on December 18. Read more: https://t.co/clU1IqK7Qh pic.twitter.com/H9S4ERgih7
— SickKids_TheHospital (@SickKidsNews) January 1, 2023
Over the weekend, security researcher Dominic Alvieri spotted an apology from the LockBit gang for its involvement in the incident. The group said it would provide a free decryptor to SickKids and that it had blocked the “partner” who carried out the attack for violating the gang’s rules. As BleepingComputer notes, the LockBit group runs what’s known as a “ransomware-as-a-service” operation. The organization has affiliates that do the dirty work of finding targets to compromise and extract payment from, while the primary operation maintains the malware that partners use to lock systems. As part of that arrangement, the gang takes a 20 percent cut of all ransom payments. Additionally, the group claims to prohibit affiliates from targeting “medical institutions” where an attack could lead to someone’s death.
On Sunday, SickKids acknowledged the statement and said it was working with outside security experts to “validate and assess the use of the decryptor,” adding that it had not made any ransom payments. The hospital also said it recently restored access to about 60 percent of its priority systems. It’s unclear why it took the LockBit gang nearly two weeks to offer help to SickKids if the attack was against its code. It’s also worth noting that the group has a history of targeting hospitals and not sending them a decryptor. Earlier this year, for instance, the group demanded a $1 million ransom from the Centre Hospitalier Sud Francilien in France and eventually leaked patient data after the hospital refused to pay.
LockBit ransomware attacks port infrastructures, releases free decryptor for children’s hospital
It’s been a busy end of year for LockBit, the infamous ransomware operation offering its encryption capabilities to script kiddies and other interested partners in crime. The ransomware was first responsible for an attack against the Port of Lisbon Administration, which manages Portugal’s third-largest port and one of the most…
Alleged LockBit ransomware gang member arrested in Canada
Authorities in Canada have arrested an alleged member of the LockBit ransomware gang, according to the Department of Justice. Mikhail Vasiliev, a dual Russian-Canadian citizen, is awaiting extradition to the US, where he is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. Vasiliev faces a prison sentence of up to five years and a fine of up to $250,000 if he is convicted.
According to the complaint, the LockBit ransomware first emerged around January 2020, and the FBI has been investigating those behind it since March of that year. The DOJ claims LockBit is “one of the most active and destructive ransomware variants in the world,” having claimed at least 1,000 victims, including a Holiday Inn hotel in Turkey. The agency added that members of the LockBit gang have demanded at least $100 million in total ransom payments. The gang has claimed tens of millions of dollars from victims, according to the DOJ.
“This arrest is the result of over two-and-a-half years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” deputy attorney general Lisa O. Monaco said in a statement. “Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter and punish cyber criminals.”