Australian Cyber Security Centre reports multiple victims of LockBit 2.0 ransomware

Australian Cyber Security Centre reports multiple victims of LockBit 2.0 ransomware

A ransomware attack called LockBit 2.0 has hit multiple organisations across various industry sectors according to the Australian Cyber Security Centre (ACSC), with the government body publishing a 'medium' alert for the cybercrime.

The ACSC says the attack sees victims receive demands for ransom payments and the encryption of data, with some reporting they have received threats that data stolen during the incidents will be published publicly.

According to the Centre, LockBit 2.0 restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption.

"LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020," ACSC says.

"LockBit affiliates are known to implement the 'double extortion' technique by uploading stolen and sensitive victim information to their dark web site 'LockBit 2.0', and threatening to sell and/or release this information if their ransom demands are not met."

The program is offered as ransomware-as-a-service (RaaS) to cybercriminals, enabling affiliates to use it as desired, provided a percentage of the profits gained using it are shared with the LockBit operators as commission.

Operators of the platform have appeared on Russian-language cybercrime forums since January 2020 according to ACSC, but the '2.0' version of LockBit was released in June this year bundled with a built-in information stealing function called 'StealBit'.

"The ACSC is aware of numerous incidents involving LockBit and its successor 'LockBit 2.0' in Australia since 2020. The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants," ACSC said.

"The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food.

"Additionally, threat actors involved in ransomware activity are opportunistic in nature and are capable of victimising organisations in any sector; as such, inclusion or exclusion from this list is not indicative of future LockBit behaviour."

The ACSC says it is still monitoring the situation but organisations that have been impacted or require assistance are encouraged to contact the Centre via 1300 CYBER1.

Get our daily business news

Sign up to our free email news updates.

 
Whitefox Recruitment founder Luke Hemmings making strides as a careers leader
Partner Content
After relocating his Canberra-founded company Whitefox Recruitment to the Gold Coast la...
Whitefox Recruitment
Advertisement

Related Stories

Business email compromise scams cheat Australians out of $79m

Business email compromise scams cheat Australians out of $79m

The rise of remote working has been exploited by scammers who hav...

Cybersecurity is a business risk, not an IT problem

Cybersecurity is a business risk, not an IT problem

A cyber attack on a business is about more than technology. The ...

28 Data#3 customers impacted by cyber attack

28 Data#3 customers impacted by cyber attack

Cloud computing and IT solutions provider Data#3 (ASX: DTL) has b...

WhiteHawk lands milestone $5.9m cybersecurity contract

WhiteHawk lands milestone $5.9m cybersecurity contract

The following article is sponsored content in partnership with W...