Header image overlay

LockBit Ransomware, the new cyber threat that puts businesses on edge

It has not been out of the news lately.
A new threat that tests the foundations of our cybersecurity: LockBit ransomware.
But what exactly is it? And more importantly, how can you guard against such attacks.

What is LockBit?

LockBit logo LockBit is an advanced form of ransomware first discovered in September 2019. The malware is designed to quickly and efficiently encrypt files on infected systems, making it impossible for organisations to access their own data without paying for the decryption key.

What makes LockBit especially dangerous is the speed with which it can spread within a network. After infection, the ransomware looks for connected systems and devices to spread further and encrypt more files. In this way, it can easily extort businesses by disrupting business activities and stealing and disclosing data.

LockBit avoids detection by disabling security software and hiding from monitoring, making quick identification and containment by security teams difficult. Another feature: It uses 'double-extortion' by stealing data and threatening to leak it if payment is not made. This increases the pressure to pay on victims through potential reputational damage and legal consequences.

The attackers behind LockBit often operate through a 'Ransomware-as-a-Service' (RaaS) model, renting out their ransomware infrastructure to other cybercriminals. This makes it easier for less tech-savvy attackers to carry out ransomware campaigns, contributing to the spread and danger of LockBit.

How does LockBit work?

LockBit ransomware is considered by experts to be part of the "LockerGoga & MegaCortex" malware family. They behave similarly to this well-known form of ransomware.
They have the following characteristics:

  • It spreads itself within an organisation and requires no manual actions;
  • Targeted: it is not distributed haphazardly like spam;
  • They use similar tools to spread like Windows Powershell and Server Message Block.

The important thing to remember is that these attacks are self-propagating. There is an automated process programmed in advance.
After reaching one host manually, the attacker can easily find other hosts and link them to the infected host to spread the infection.

LockBit attacks unfold in three stages:

  • Exploitation: First, they exploit network weaknesses, often through phishing or brute force, to gain access and prepare the network for malware propagation.
  • Infiltration: LockBit then infiltrates deeper to gain control of the system, disabling security mechanisms and preparing for attack
  • Implementation: In the final stage, the encryption malware is spread, locking files until a ransom is paid. Although victims are encouraged to pay a ransom, there is no guarantee of file recovery.

How do we tackle ransomware?

At VanRoey, we recognise that having the right tools is only the beginning. An effective defence against ransomware like LockBit requires, on the one hand, a deep understanding of the threat and the underlying technology, and on the other, a layered security approach that goes beyond traditional methods.

Our approach includes continuous monitoring, rapid incident response, and continuous fine-tuning of security measures on the evolving threat landscape. In addition, we strongly believe in the importance of Security Awareness, as human error often plays a critical role in successful cyberattacks.
With our Zero Trust strategy we strengthen the first line of defence against attacks such as LockBit, but the most important factor is Managed Detection & Response (MDR). This will nip an actual infection, even in the case of an unprecedented zero-day, in the bud immediately and thanks to artificial intelligence.

Protect yourself from malware like Lockbit, together with VanRoey

Wondering how we put a rock-solid IT security puzzle in place at thousands of organisations to protect them from (among other things) ransomware?

Feel free to talk to us and we will be happy to show you how and why our tools work so effectively. You can also count on us for a thorough IT Security Audit, so you know perfectly how vulnerable your environment is today... You will also get a comprehensive report on what concrete steps you can take to improve security.

vat no.*

"It is also important to think: 'What after a hack or ransomware?' How quickly will we be operational again? Is our backup not infected...? Here, too, VanRoey provides a 'Disaster Recovery Plan'."

share this post:

How well secured are you?
Our comprehensive IT Security Audit tests your entire IT environment for vulnerabilities. A certified expert evaluates the analysis and summarises...

Written by:

Filip Verboven
Marketer at VanRoey

Filip has been working as an all-round marketer for VanRoey since January 2023 where he mainly focuses on event and partnership marketing. He works closely with our partners & vendors to set up qualitative and impactful actions and events with them.

Our own Inspiration Centre in Geel provides the perfect setting to welcome you this autumn and take you into the latest trends within the IT world.

Attention: limited number of places!