Context:
Recent reports indicate that, for the first time, the LockBit ransomware has been found targeting Mac devices.
Relevance:
GS III: Cyber Security
Dimensions of the Article:
- About LockBit Ransomware:
- How does LockBit ransomware work?
- Why is LockBit targeting macOS?
About LockBit Ransomware:
- LockBit is a type of malicious software designed to block user access to computer systems in exchange for a ransom payment.
- Formerly known as “ABCD” ransomware, it has since evolved into a unique threat within the scope of extortion tools.
- It belongs to the subclass of ransomware known as “crypto virus” as it forms its ransom requests around financial payment in exchange for decryption.
- LockBit primarily targets enterprises and government organizations rather than individuals.
- It operates as ransomware-as-a-service (RaaS), where willing parties put down a deposit for the use of custom for-hire attacks and profit under an affiliate framework.
How does LockBit ransomware work?
- Self-spreading malware: LockBit is a type of self-spreading malware that can infiltrate a single device with access to an organizational intranet, and then spread to other connected devices without requiring additional instructions.
- Hiding files: The ransomware can hide executable encryption files by disguising them in the .PNG format, which helps to avoid detection by system defenses.
- Phishing tactics: Attackers use various social engineering methods, including phishing tactics, to impersonate trusted personnel or authorities to lure victims into sharing their login credentials or other sensitive information.
- Encryption payload: Once LockBit has gained access to a system, it prepares to release its encryption payload across as many devices as possible, encrypting files and demanding a ransom payment in exchange for the decryption key.
- Disabling recovery options: LockBit also disables security programs and other infrastructure that could permit system data recovery, making it difficult or impossible for victims to regain access to their files without paying the ransom.
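A defender can catch the ".PNG disguise" described above by comparing each file's extension with its leading bytes. The sketch below is an added example, not part of the original article; the file names and sample bytes are constructed for the demonstration.

```python
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte signature of every real PNG
EXECUTABLE_MAGICS = {  # leading bytes of common executable formats
    b"MZ": "Windows PE",
    b"\x7fELF": "Linux ELF",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O (64-bit)",
}

def classify_png(path):
    """Return 'png', 'executable: <kind>' or 'not-png' from the first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head == PNG_MAGIC:
        return "png"
    for magic, kind in EXECUTABLE_MAGICS.items():
        if head.startswith(magic):
            return "executable: " + kind
    return "not-png"

def scan(root):
    """Walk root and report every *.png file whose content is not a PNG."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".png"):
                full = os.path.join(dirpath, name)
                verdict = classify_png(full)
                if verdict != "png":
                    findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Write constructed sample files to a temp directory and scan them."""
    samples = {  # constructed headers only, no real payloads
        "logo.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR",      # genuine PNG start
        "invoice.png": b"MZ\x90\x00" + b"\x00" * 60,        # PE header
        "update.PNG": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,   # Mach-O header
        "notes.png": b"plain text, wrong extension",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(path, "->", verdict)
```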
Why is LockBit targeting macOS?
- LockBit is aiming to broaden the reach of their attacks and potentially increase their profits by targeting macOS systems. Historically, ransomware has primarily targeted Windows, Linux, and VMware ESXi servers, but the gang is now testing encryptors for macOS.
- The current encryptors for macOS have not been found to be fully operational, but it is believed that the group is actively developing tools to target macOS.
- The primary objective of targeting macOS is likely to generate more money from their ransomware operation by expanding the range of systems targeted.
-Source: The Hindu