Ransomware, a form of malicious software, has a history spanning over three decades. However, it only gained regular attention in popular media over the last ten years.
This type of malware locks access to computer systems or encrypts files until a ransom is paid. Cybercriminal groups now view ransomware as a lucrative scheme, especially with the emergence of “ransomware as a service,” which enables various groups to profit from successful ransom demands through affiliate schemes.
One prominent group, LockBit, has garnered attention by showcasing high-profile victims on its website. LockBit refers to both the malware and the group behind it, complicating its identification.
LockBit emerged in 2019 as a stealthy malware aimed at infiltrating organizations, locating valuable data, and encrypting it. Unlike mere data theft, LockBit encrypts data and holds it hostage until a ransom is paid, often resorting to threats of data publication (known as double extortion) if the payment deadline isn’t met.
The LockBit group remains largely enigmatic. It claims no specific political allegiance and welcomes an unlimited number of affiliates worldwide, provided they are interested solely in financial gain. However, the group enforces rules prohibiting attacks on certain targets, including critical infrastructure such as hospitals, as well as specific post-Soviet countries.
Despite these rules, incidents such as a Canadian hospital falling victim to LockBit indicate that rogue users may breach these restrictions. Interestingly, LockBit justifies avoiding specific countries by pointing to the high number of its members who originate from the former Soviet Union, despite the group’s current location in the Netherlands.
LockBit’s victims range from the United Kingdom’s Royal Mail and Ministry of Defence to Japanese company Shimano and aerospace giant Boeing, whose data was leaked after it refused to pay the ransom. LockBit has also allegedly claimed responsibility for the recent ransomware incident involving the Industrial and Commercial Bank of China, and the group has been linked to nearly 2,000 victims in the United States alone.
Ransomware as a service (RaaS) has surged in popularity. It mirrors legitimate software services like Microsoft 365, providing cybercriminals with the tools to conduct ransomware campaigns efficiently and profitably. These services handle every aspect of the criminal process, enticing new affiliates with a 20% commission and requiring a hefty deposit in Bitcoin.
Preventing ransomware attacks involves robust cybersecurity measures such as system updates, password management, network monitoring, and prompt responses to suspicious activities. The decision to pay a ransom remains subjective for organizations, but bolstering cybersecurity measures can deter criminal groups, which tend to target easier victims.