Security experts say the malware has gained several more sophisticated capabilities, both in its encryption routine and in the way it spreads, that let it bypass conventional security solutions.
Over the past 2 months, Bkav experts have received a steady stream of requests for help from businesses in Vietnam reporting the same situation: every computer on the internal network was encrypted at the same time, and the data could not be recovered.
LockBit 3.0 is starting to 'explode' in Vietnam
Investigation and analysis of many of these cases show that the culprit is LockBit 3.0, also known as LockBit Black, the ransomware of a notorious hacker group that was recently dismantled by an international police coalition (including the UK's National Crime Agency (NCA), the US Federal Bureau of Investigation (FBI) and the European Union's police agency, Europol).
LockBit Black incorporates more sophisticated improvements than previous variants. It is specifically designed to target the Windows domain controllers that manage the internal network. Once inside, the malware uses these servers to spread to the rest of the network, disabling security solutions (anti-virus, firewall) and copying and executing its malicious code on each host. In this way it can encrypt every machine on the internal network at the same time, rather than attacking machines one by one as before.
Not only does LockBit Black change its method and its targets, its encryption scenario is also more dangerous. Instead of encrypting data immediately on launch, the malware first escalates its privileges, then bypasses UAC, and finally reboots the victim's computer into Safe Mode (a mode in which only the system and a few applications are started) and performs the encryption there. Because most security products are not loaded in Safe Mode, the malware can bypass common security solutions.
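The two behaviours described above, tampering with security tooling and forcing a reboot into Safe Mode before encryption, are both visible in process-creation telemetry well before any file is encrypted. The script below is an added example for defenders, not Bkav's tooling or anything from the article. It assumes an EDR or Sysmon process-creation export flattened into "timestamp host user command" lines (the sample lines are constructed), and it assumes the tampering is done through the standard Windows commands for the purpose (bcdedit safeboot, netsh advfirewall, Set-MpPreference); the article does not say which mechanism LockBit Black uses, so treat the rules as a starting point to tune against your own telemetry.

```python
"""
Detection helper for the LockBit Black behaviours described in the article:
security tooling switched off and a forced Safe Mode boot before encryption.

Added example, not Bkav's or LockBit's code. Input format is an assumed,
simplified "timestamp host user command" line per process start; the
SAMPLE_LOG entries below are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    user: str
    rule: str
    command: str


# (rule name, regex applied to the command line). These are the standard
# Windows mechanisms for each action; the article does not state which
# one the malware uses, so extend the list from your own incident data.
RULES = [
    # A safeboot value written with bcdedit makes the next boot a Safe Mode
    # boot. Legitimate admin use is rare enough to review every occurrence.
    ("safe-mode-boot-config",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)),
    # Windows Firewall turned off for all profiles.
    ("firewall-disabled",
     re.compile(r"\bnetsh(\.exe)?\b.*advfirewall.*\bstate\s+off\b", re.I)),
    # Defender real-time protection turned off through PowerShell.
    ("defender-rtp-disabled",
     re.compile(r"Set-MpPreference\b.*DisableRealtimeMonitoring\s+\$?true", re.I)),
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<cmd>.+)$")


def parse_line(line):
    """Split one log line into its fields; return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def scan(lines):
    """Return one Finding per (line, rule) match."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, rx in RULES:
            if rx.search(rec["cmd"]):
                findings.append(Finding(rec["host"], rec["user"], name, rec["cmd"]))
    return findings


def hosts_with_full_chain(findings):
    """Hosts showing both tooling tampering and a Safe Mode boot change."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.rule)
    tamper = {"firewall-disabled", "defender-rtp-disabled"}
    return sorted(h for h, rules in by_host.items()
                  if "safe-mode-boot-config" in rules and rules & tamper)


# Constructed sample telemetry: DC01 shows the full chain, WS12 only
# tampering, WS07 is benign.
SAMPLE_LOG = [
    r"2024-03-01T02:10:11Z DC01 CORP\svc_backup C:\Windows\System32\bcdedit.exe /set {current} safeboot network",
    r"2024-03-01T02:10:13Z DC01 CORP\svc_backup netsh advfirewall set allprofiles state off",
    r"2024-03-01T02:11:40Z WS07 CORP\alice notepad.exe C:\Users\alice\notes.txt",
    r"2024-03-01T02:12:05Z WS12 CORP\bob powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h.host:<5} {h.user:<16} {h.rule:<24} {h.command}")
    print("isolate first:", hosts_with_full_chain(hits))
```

Hosts returned by hosts_with_full_chain are the ones where both a tooling change and a Safe Mode boot change were seen, which warrants immediate isolation. The domain controllers the article singles out deserve a dedicated, lower-threshold alert: a single safeboot change on a DC is already suspicious on its own.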
To avoid being attacked by LockBit and other data-encrypting malware, Bkav experts recommend that users and system administrators:
- Back up important data regularly.
- Do not expose internal service ports to the internet unless necessary.
- Evaluate the security of services before exposing them to the internet.
- Install a sufficiently strong antivirus product and keep it running at all times.