LockBit adopts attack code for macOS targets



According to Kaspersky cybersecurity experts, LockBit recently upgraded its multiplatform capabilities. By acquiring attack code from notorious ransomware groups BlackMatter and DarkSide, LockBit is now also targeting macOS systems. 

LockBit is known to attack companies around the world and cause significant financial and operational damage. The recent Kaspersky report shows LockBit's determination to expand its reach and maximize the impact of its malicious activities.

Code adoption from BlackMatter and DarkSide

The cybersecurity community has observed LockBit acquiring code from other notorious ransomware groups such as BlackMatter and DarkSide. This strategic step not only simplifies processes for potential partners, but also expands the range of attack vectors used by LockBit. Recent results from Kaspersky's Threat Attribution Engine (KTAE) show that LockBit took over about 25 percent of the code previously used by the now-defunct Conti ransomware gang. This resulted in a new variant called LockBit Green.

Kaspersky researchers have now discovered a ZIP file containing LockBit samples specifically tailored for multiple architectures including Apple M1, ARM v6, ARM v7, FreeBSD and others. Thorough analysis and investigation using KTAE confirmed that these samples are from the previously observed LockBit Linux/ESXi version.

Many new LockBit variants

While some samples, such as the macOS variant, require additional configuration and are not properly signed, it is evident that LockBit is actively testing its ransomware on various platforms. This points to an impending escalation of attacks and underscores the urgent need for robust cybersecurity measures across all platforms, as well as increased corporate awareness.

“LockBit is a highly active and notorious ransomware group known for its massive cyberattacks on businesses worldwide,” said Marc Rivero, Senior Security Researcher in Kaspersky's Global Research and Analysis Team (GReAT). “With its continuous infrastructure improvements and adoption of code from other ransomware groups, LockBit poses a significant and constantly evolving threat to organizations of all industries.

To effectively mitigate the risks posed by LockBit and similar ransomware groups, organizations must now strengthen their defenses, regularly update security systems, educate employees on cybersecurity best practices, and establish incident response logs.”

LockBit: What has happened so far

In the initial phase, LockBit operated without leak portals, double extortion tactics or data exfiltration before actually encrypting victims' data. However, the group continuously evolved its infrastructure and security measures to protect its assets from a wide range of threats, including attacks on its administration panels and disruptive DDoS (Distributed Denial of Service) attacks.

B2B Cyber Security: ChatGPT knows this about the successes of LockBit

We asked ChatGPT what it knows about LockBit's achievements. The list is quite short and far from up to date. Real experts know more here.

ChatGPT knows this about the successes of LockBit

LockBit is responsible for several successful ransomware attacks on businesses and organizations. The group has constantly evolved their tactics and techniques to launch more effective attacks. Here are some of LockBit's most notable achievements:

  • Attack on hospitals: In October 2020, LockBit carried out a large-scale ransomware attack on several hospitals in Germany. The attacks disrupted operations and forced affected hospitals to recover patient data and systems.
  • Attack on logistics companies: In November 2020, LockBit managed to attack several logistics companies. The ransomware encrypted the companies' systems and caused significant operational disruptions. This impacted the supply chain and resulted in financial losses.
  • Attack on financial institutions: LockBit has also targeted financial institutions. In February 2021, reports of a successful ransomware attack on a bank in Ukraine were published. The bank had to pay the ransom to regain access to their encrypted data.
  • DarkSide Partnership: LockBit formed a partnership with ransomware group DarkSide in 2021. Together they carried out an attack on Colonial Pipeline, one of the largest pipeline operators in the US. The attack resulted in a temporary shutdown of pipeline operations and had a significant impact on fuel supplies on the US East Coast.

It is important to note that ransomware attackers like LockBit can cause significant damage and often leave affected companies and organizations with difficult decisions about whether or not to pay the ransom. It is highly recommended to take proper security measures to protect yourself from such attacks.


More at Kaspersky.com


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/

