Lockbit Hits India and South Africa
Lockbit announced 2 more victims on its list, Nampak from South Africa and Polycab from India. It is unclear how much data Lockbit has managed to steal, and the victims haven’t commented on the incidents yet.
- Nampak is in the business of manufacturing and designing packaging, while Polycab produces and sells wires, cables, and fast-moving electrical goods
- The Indian Polycab is an especially valuable target, given that it packs a revenue of over $2 billion
- Lockbit is known to prioritize high-value targets and adjust the value of the ransom based on the victim’s overall revenue
- Lockbit has been the target of Operation Cronos recently, conducted by the FBI, which aimed to dismantle the cybercriminal organization
Despite the FBI targeting the group and seizing the hackers’ website, Lockbit was back in business several days later. Their first target was the FBI itself, which showed that the cybercriminals were not intimidated.
Although Operation Cronos was unsuccessful, it wasn’t a complete failure. The FBI gathered a lot of information about the ransomware organization, including a long list of past and future victims. They also seized hundreds of decryption keys in the process.
They passed the keys to the respective victims so that they could restore their systems.
Operation Cronos also revealed that Lockbit has accumulated over 2,000 victims throughout its activity and that hundreds more were in the works. Not only that, but the cybercriminal ring already had Lockbit version 4.0 in the works.
According to those working on the case, the 4.0 version was in advanced stages of development. This means that it’s set to release shortly.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
How Lockbit Works
Lockbit uses the typical double-extortion method. They encrypt the victim’s files, and then steal as much confidential information as they can. The hackers will use the decryption key and the stolen data as leverage during negotiations.
If the victim pays up, the hackers will provide the decryption key and will delete the stolen data. However, experts warn that trusting the hackers and taking their word for it is not wise. While the hackers will provide the decryption key, they won’t necessarily delete the data.
In many cases, it was discovered that some ransomware actors not only do not delete the data but even make it public or sell it to other ransomware groups. This will inevitably lead to other ransomware or DDoS attacks or other types of breaches.
It is a widespread belief that most ransomware groups do this for extra financial gain.
Not only that, but hackers tend to leave hidden access doors into the victim’s system without the victim even being aware of them. These will allow the hacker to infiltrate the same targets again at a later point in time.
They can also sell the credentials to these access doors to other cybercriminal gangs, making the situation worse. It’s for this reason that cybersecurity professionals advise against negotiating with the hackers.
The best way to go about it is to ignore the demands for negotiation and work on rebuilding your defenses against these types of attacks.