Analysts name the most dangerous group of ransomware hackers

Cybersecurity company SecurityHQ has named the most dangerous group of ransomware hackers that poses a serious threat to the security of users in many countries. According to analysts, LockBit attacks are usually aimed at government agencies and enterprises in the healthcare, finance, industrial goods, and services sectors.

Most often, the victims of the group’s attacks are the United States, China, India, Indonesia, Ukraine, France, the United Kingdom, and Germany. The hackers have created their own ransomware, LockBit, which was first discovered in September 2019. It was previously known as ABCD because of the «.abcd» extension given to encrypted files. LockBit now uses the malware of the same name and operates on a «ransomware as a service» (RaaS) model — the group’s partners make a deposit to use the tool and then share the proceeds with LockBit operators.

The initial methods of LockBit attacks include social engineering: phishing, compromising business emails, using publicly available applications, and stolen credentials.

An interesting feature of the LockBit app is that it is programmed in such a way that it cannot be used to attack Russia or the CIS countries. This suggests some thoughts about the origin of the group’s members.

In 2022, the LockBit group reported more successful attacks than any other ransomware gang. Another feature of LockBit hackers is their Bug Bounty program. The group is offering a $ 1 million reward to anyone who can identify the hackers.Regarding cyberattacks on Ukraine, the head of the State Service for Special Communications and Information Protection, Yuriy Shchyhol, said that 9 out of 10 cyberattacks are caused by the negligence and ignorance of personnel. «To reduce the risks, we advise all companies, and members of the media community in particular, to constantly audit the cybersecurity of their own systems to identify possible gaps in protection in a timely manner and determine steps to eliminate them,» Shchyhol told Ukrinform last week.