LockBit ransomware focuses on SMEs
SMEs in focus: Sophos presents its latest study on LockBit ransomware. Two techniques stand out: first, using automated tools to infect certain tax and accounting software on hacked networks with ransomware, and second, renaming PowerShell files to disguise yourself. “LockBit attackers use automated attack tools to identify promising targets,” summarizes Sean Gallagher, senior threat researcher at Sophos. The analysis reveals how the criminals use PowerShell tools to search for specific business applications on hacked networks, including tax and accounting software. If a fingerprint generated by this search meets the keyword criteria,...