A ransomware attack called LockBit 2.0 has hit multiple organisations across various industry sectors according to the Australian Cyber Security Centre (ACSC), with the government body publishing a 'medium' alert for the cybercrime.
The ACSC says the attack sees victims receive demands for ransom payments and the encryption of data, with some reporting they have received threats that data stolen during the incidents will be published publicly.
According to the Centre, LockBit 2.0 restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption.
"LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020," ACSC says.
"LockBit affiliates are known to implement the 'double extortion' technique by uploading stolen and sensitive victim information to their dark web site 'LockBit 2.0', and threatening to sell and/or release this information if their ransom demands are not met."
The program is offered as ransomware-as-a-service (RaaS) to cybercriminals, enabling affiliates to use it as desired, provided a percentage of the profits gained using it are shared with the LockBit operators as commission.
Operators of the platform have appeared on Russian-language cybercrime forums since January 2020 according to ACSC, but the '2.0' version of LockBit was released in June this year bundled with a built-in information stealing function called 'StealBit'.
"The ACSC is aware of numerous incidents involving LockBit and its successor 'LockBit 2.0' in Australia since 2020. The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants," ACSC said.
"The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food.
"Additionally, threat actors involved in ransomware activity are opportunistic in nature and are capable of victimising organisations in any sector; as such, inclusion or exclusion from this list is not indicative of future LockBit behaviour."
The ACSC says it is still monitoring the situation but organisations that have been impacted or require assistance are encouraged to contact the Centre via 1300 CYBER1.
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support