Australian govt warns of escalating LockBit ransomware attacks


The Australian Cyber Security Centre (ACSC) warns of an increase in LockBit 2.0 ransomware attacks against Australian organizations starting July 2021.

“ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia,” Australia’s cybersecurity agency said in a security alert issued on Thursday.

According to the agency, LockBit victims also report threats that data stolen during the attacks will be leaked online, a known and popular tactic ransomware gangs use to coerce their targets into paying ransoms.

Increasing number of attacks since July

“The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants,” the ACSC added.

“The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food.”

The agency also published a ransomware profile with additional information on the LockBit group, including initial access indicators, targeted sectors, and mitigation measures.

It added that these threat actors are opportunistic and could target organizations from any industry sector. Therefore, not being on the list of already targeted sectors does not mean LockBit's targeting won't switch to other industries.

The ACSC provides mitigations focused on LockBit TTPs (Tactics, Techniques, and Procedures), which include:

  • enabling multifactor authentication (MFA) on all accounts to block the use of stolen credentials
  • encrypting sensitive data at rest to block exfiltration of sensitive information
  • segmenting corporate networks and restricting admin privileges to block lateral movement and privilege escalation attempts
  • maintaining daily backups to reduce a successful attack’s impact
  • patching internet-facing Fortinet devices against CVE-2018-13379, a security bug heavily exploited by LockBit to breach networks

Organizations affected by these escalating ransomware attacks or who need assistance are advised to reach out using ACSC’s 1300 CYBER1 hotline.

From LockBit to…
