The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware attacks against Australian organizations in multiple industry sectors starting July 2021. The Australian agency also published 2021-006: ACSC Ransomware Profile – Lockbit 2.0 which includes info related to the activity of the gang, such as initial access, threat activity and mitigations.
“The ACSC has received reporting from a number of Australian organisations that have been impacted by LockBit 2.0 ransomware. This activity has occurred across multiple industry sectors. Victims have received demands for ransom payments. In addition to the encryption of data, victims have received threats that data stolen during the incidents will be published.” reads the alert published by the Centre.
Ransomware operators also stole data from the victims and leaked it online when they refused to pay the ransom.
Most of the attacks have been reported in July, the organizations hit by the ransomware gang operate in professional services, construction, manufacturing, retail, and food industries.
“The ACSC is aware of numerous incidents involving LockBit and its successor ‘LockBit 2.0’ in Australia since 2020. The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants.” states the advisory. “The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food.”
The government experts recommend enabling multifactor authentication (MFA) on all accounts to block to prevent the abuse of stolen credentials, to enforce the Principle of Least Privilege, encrypt sensitive data at rest, segment corporate networks, implement an efficient backup policy, keep your systems up to date.
Experts warn of active exploitation of the CVE-2018-13379, a security bug heavily exploited by LockBit to breach networks.
Organizations that have been hit by Lockbit 2.0 ransomware attacks could request assistance contacting the Centre through the ACSC’s 1300 CYBER1 hotline.
(SecurityAffairs – hacking, LockBit 2.0)