LockBit Ransomware: Too quick to spread on 225 systems

May 15, 2020

Too Quick But True

LockBit ransomware, since its release in September 2019, has been making a name for itself in the hacking community. The program targets corporate networks, infiltrating them so that the attacker can demand a large amount of money from the victim.

This program is well known as a service, since the take is split between the developer and the distributor. It is essentially a for-hire application that even a novice hacker can obtain from its maker and use stealthily. The code and its prerequisites are easy to understand and easy to execute. In the end, the developer gets 25-40% of the proceeds, while the distributor gets 60-75%.


Examining the Ransomware

Researchers from McAfee Labs and the cybersecurity firm Northwave jointly performed an in-depth analysis of the application and were able to break down its process. They confirmed that the attack begins with a brute-force attack on an administrator account of the corporate system, tunneled through an outdated VPN to reach the business's technology infrastructure. Once an administrator account is compromised, the application can infect workstations within the limits of that account's access.

LockBit has become known for its distinctive ability to spread by itself. With typical ransomware, the attacker has to spend more time, hands-on, spreading the malware to the different workstations: they need to extract and run it manually on each computer to take over the whole network. That takes a few days or even weeks, and because the process is so time-consuming, detection of the malware and failure of the attack are to be expected. With LockBit, by contrast, the attacker or distributor, as reported, needs as little as 3 hours for 255 computers or workstations to be infected. The rest of the spreading is done by the program itself, which is self-replicating and self-extracting. It works like a touch-and-go system: once the attacker has touched a single system, they can leave, as everything from that point on is automated.
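A defender can look for the two behaviours described above in authentication logs: a burst of failed administrator logons ending in a success, and one account then reaching many workstations within hours. The following is an added example, not part of the original article or of the McAfee Labs and Northwave analysis; the event layout, account and host names, and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events: (time, account, target host, result).
# Field layout and thresholds are assumptions; map them to your own VPN / logon logs.
def sample_events():
    t0 = datetime(2020, 5, 1, 2, 0, 0)
    ev = [(t0 + timedelta(seconds=10 * i), "admin", "vpn-gw", "fail") for i in range(30)]
    ev.append((t0 + timedelta(minutes=6), "admin", "vpn-gw", "ok"))
    # After the successful logon, the same account reaches many workstations quickly.
    ev += [(t0 + timedelta(minutes=10 + i), "admin", f"ws-{i:03d}", "ok") for i in range(40)]
    # Ordinary user activity for contrast: one mistyped password, one workstation.
    ev += [(t0 + timedelta(minutes=5 * i), "jsmith", "ws-001", "ok") for i in range(5)]
    ev.append((t0 + timedelta(minutes=3), "jsmith", "vpn-gw", "fail"))
    return sorted(ev)

def brute_force_then_success(events, min_failures=20, window=timedelta(minutes=15)):
    """Map account -> time of a successful logon preceded by >= min_failures failures in window."""
    failures, flagged = defaultdict(list), {}
    for ts, account, host, result in events:
        if result == "fail":
            failures[account].append(ts)
        elif account not in flagged:
            recent = [f for f in failures[account] if ts - f <= window]
            if len(recent) >= min_failures:
                flagged[account] = ts
    return flagged

def rapid_fan_out(events, min_hosts=25, window=timedelta(hours=3)):
    """Map account -> peak number of distinct hosts logged on to inside a sliding window."""
    seen, flagged = defaultdict(list), {}
    for ts, account, host, result in events:
        if result != "ok":
            continue
        seen[account] = [(t, h) for t, h in seen[account] if ts - t <= window] + [(ts, host)]
        hosts = {h for _, h in seen[account]}
        if len(hosts) >= min_hosts:
            flagged[account] = max(flagged.get(account, 0), len(hosts))
    return flagged

def compromised_candidates(events):
    """Accounts that show both behaviours and deserve immediate investigation."""
    bf, fo = brute_force_then_success(events), rapid_fan_out(events)
    return sorted(set(bf) & set(fo))

if __name__ == "__main__":
    print(compromised_candidates(sample_events()))
```

The fan-out window defaults to the 3 hours reported in the article; an alert that fires only after that window has passed arrives too late to contain the spread.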


Vigilance is the key

With this type of program on the market, corporate system administrators should be more vigilant and proactively devise a plan for when such attacks happen on their watch. Mitigation strategies should always be in place, as the money lost to this kind of attack is no joke. Furthermore, once a company gives in to the attacker's demand, the attacker may come back with a much higher demand, or even an endless series of ransoms. For this very reason, many cybersecurity groups advise corporate businesses to invest in an expensive anti-malware protection program rather than be at the mercy of a hacker's will.
