LockBit is alive

B2B Cyber ​​Security ShortNews

Share post

A few days ago, international law enforcement authorities scored a decisive blow against Lockbit. However, according to a comment from Chester Wisniewski, Director, Global Field CTO at Sophos, some of their infrastructure is still online, which likely indicates that some of the Lockbit cybercriminal group have not yet been caught.

The chance of them joining other groups or forming a new group would not be a surprise. Sophos X-Ops is now publishing a report about the recently known security vulnerability in the remote management and monitoring solution ScreenConnect. The detailed analysis also finds a connection with Lockbit.

Christopher Butt, Sophos X-Ops Principal Researcher at Sophos, said: “We have analyzed several attacks in the last 48 hours that exploited the ScreenConnect vulnerability. The most notable was a piece of malware created using the Lockbit 2022 ransomware builder tool leaked in 3. It may not be from the actual Lockbit developers. But we also discovered Remote Access Trojans (RATS), info and password stealers, and other ransomware.

ScreenConnect in sight

“All of this shows that many different attackers are targeting ScreenConnect,” said Christopher Budd, director of Sophos X-Ops Threat Research. “Anyone using ScreenConnect should take steps to immediately isolate vulnerable servers and clients, patch them, and check for signs of compromise. Sophos offers comprehensive guidance and threat hunting materials from Sophos X-Ops to help you. We are continuing our investigation and will make updates as necessary.”

The malware activity of the last 48 hours and the use of Lockbit technology could confirm Chester Wisniewski's suspicion that parts of the Lockbit group are still active or that Lockbit malware technology is still being used by other groups.

More at Sophos.com


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more