Australian government warns of attacks with LockBit ransomware

The Australian government has issued a warning about the LockBit 2.0 ransomware after several organizations in the country were victimized. In addition, data on systems was encrypted. The attackers also claim that data has been stolen and that it will be published if the affected organizations do not pay a ransom.

According to the Australian Cyber ​​Security Center (ACSC), the victims in Australia are active in a variety of sectors, including professional services, construction, manufacturing, retail and food.

The LockBit ransomware has been active since 2019 and is offered as a Ransomware-as-a-Service (RaaS). Through RaaS, criminals can easily have ransomware at their disposal, with part of the income going to the developer of the ransomware. In this case, criminals still have to spread the ransomware themselves. Version 2.0 of the ransomware was released in June this year, according to the ACSC.

According to the ACSC, the attackers are exploiting a vulnerability in Fortinet FortiOS and FortiProxy to gain access to organizations' networks. This is a vulnerability identified as CVE-2018-13379 for which a security update was released on November 26, 2019. The vulnerability allows an attacker to steal VPN user credentials. Organizations are therefore advised to patch the vulnerability in question and enable multi-factor authentication for all users. Furthermore, daily backups and network segmentation are recommended.

Previous Post Next Post