FBI says watch out for LockBit 2.0 ransomware, here’s how to reduce the risk to your network
The FBI has published a new warning regarding the LockBit 2.0 ransomware, recommending that companies be diligent in enabling multi-factor authentication. In addition, the agency has advised that admin and high-value accounts implement unique and strong passwords to avoid risks caused by the ransomware, which is one of the most prominent attack groups on the internet at this time. Multi-factor authentication (MFA) is vital in protecting against compromised user and admin passwords, however, 78% of organizations that utilize Azure Active Directory do not enable MFA, says Microsoft. LockBit 2,0 primarily targets Windows PCs and Linux servers via bugs in VMWare’s ESXi virtual machines.
LockBit 2.0 has been responsible for attacks against tech consulting and services giant Accenture, France’s Ministry of Justice, and many more. LockBit’s operators will use any method available to compromise a network, such as buying access to an already compromised network, exploiting software bugs, and paying for insider access. In addition, the operators use exploits for previously known zero-day flaws. The FBI stated that LockBit’s operators have started advertising for insiders at a target company to help them establish initial access into the network, offering insiders a cut of the proceeds in return.