Insider threat to Corporate Networks through LockBit Ransomware

Gangs spreading LockBit ransomware are reportedly bribing employees of corporate companies to give them access to the company network so that it can be compromised with file-encrypting malware. In return, the employees are being offered bribes of millions of dollars, either as cryptocurrency such as BTC or as a month-long holiday package on a cruise or at a scenic destination.

Yes, you read that right! The gang spreading LockBit 2.0 ransomware seems to be employing crazy techniques to keep its money counters ringing.

LockBit, which operates as Ransomware-as-a-Service, was offering compromised network access to third parties to conduct pen-testing and espionage-related software testing.

To keep its activities alive, the gang has started recruiting insiders who can provide access to the networks of multinational companies. The targets include managerial-level employees, network admins, and some employees supervising physical security operations as well.

Mind you, the hackers are interested only in corporate email IDs, RDP and VPN credentials, logins and email content. They are not interested in information such as designations, employee names, salaries and other such irrelevant details that are already available online.

Since the first week of June this year, when LockBit 2.0 Ransomware-as-a-Service was launched, the criminals involved have been seen using redesigned Tor sites and many advanced features to encrypt devices on a network in an automated way.

Note: In August 2020, a Russian-speaking ransomware gang was found recruiting a Tesla employee from Nevada’s Gigafactory, and the insider was squared with a bribe of millions of dollars to infect the industrial network with malware.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
