The LockBit ransomware gang has released a new version of their ransomware called LockBit Green, which is designed to target cloud-based services. This is the third version of the ransomware created by the notorious gang, after LockBit Red and LockBit Black. LockBit Green is based on the Conti ransomware source code leaks and uses a new Conti-based encryptor. The release of the new version was reported by several security firms and research teams, including Prodaft and vx-underground. The release of LockBit Green signals the growing importance of cloud services to cybercriminals and their increasing use in targeted attacks.
LockBit Ransomware: A Brief Overview
LockBit belongs to the class of ransomware known as crypto viruses, which demand a financial payment in exchange for decryption. It mainly targets enterprises and government organizations rather than individuals. LockBit attacks began in September 2019, when it was dubbed the “.abcd virus.” Historically, LockBit has employed a double extortion tactic, in which the attackers threaten to release or sell stolen data if the victim doesn’t pay the ransom. This tactic has proved successful, resulting in millions of dollars in ransom payments.
LockBit Green: A New Threat to Cloud-Based Services
The release of LockBit Green marks a new threat to cloud-based services. The ransomware is designed to encrypt data on cloud servers and services, making them inaccessible to their owners. This puts companies and organizations at risk of losing important data and disrupting their operations, which can result in significant financial losses. LockBit Green’s new Conti-based encryptor makes it even more difficult to detect and recover encrypted data, making it a serious threat to cloud-based services.
The new variant was first discovered by security researchers on several malware-sharing websites, including VirusTotal. The researchers analyzed the sample of LockBit Green and found that it uses a similar approach to other ransomware variants, encrypting data and demanding payment in exchange for decryption. The ransom note contains a link to a Tor payment site, where the victim is asked to pay the ransom in Bitcoin to receive the decryption key.
How LockBit Green Spreads
LockBit Green uses a variety of tactics to spread and infect its targets, including phishing emails and exploiting vulnerabilities in software and operating systems. The ransomware is mainly distributed through spam emails that contain malicious attachments or links to download the ransomware. The emails are often disguised as legitimate messages from trusted sources, making them difficult to detect.
Once LockBit Green infects a device, it begins to scan for available network resources, including cloud servers and services. It then encrypts the data on these resources and demands payment for decryption. The ransomware also adds a file extension to the encrypted data, which makes the affected files easier to identify and recover.
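The behavior described above (one account touching many network resources and appending the same new extension to each file) can be turned into a simple detection rule. The following is an added example, not code from any vendor or from the original article; the log format, account names, paths and the `lbgdemo` extension are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-rename audit events: time|account|old path|new path
SAMPLE_LOG = """\
2023-02-01T10:00:00|jdoe|//fs01/finance/q4.xlsx|//fs01/finance/q4.xlsx.lbgdemo
2023-02-01T10:00:01|jdoe|//fs01/finance/q3.xlsx|//fs01/finance/q3.xlsx.lbgdemo
2023-02-01T10:00:02|jdoe|//fs01/finance/tax.pdf|//fs01/finance/tax.pdf.lbgdemo
2023-02-01T10:00:03|jdoe|//fs02/hr/staff.csv|//fs02/hr/staff.csv.lbgdemo
2023-02-01T10:00:04|jdoe|//fs02/hr/pay.csv|//fs02/hr/pay.csv.lbgdemo
2023-02-01T10:00:05|jdoe|//fs02/hr/cv.docx|//fs02/hr/cv.docx.lbgdemo
2023-02-01T10:01:00|asmith|//fs01/finance/plan.docx|//fs01/finance/plan_final.docx
2023-02-01T10:02:00|asmith|//fs01/finance/a.txt|//fs01/finance/a.txt.bak
2023-02-01T11:30:00|asmith|//fs01/finance/b.txt|//fs01/finance/b.txt.bak
"""

def appended_extension(old, new):
    """Return the suffix if `new` is `old` plus one extra extension, else None."""
    suffix = new[len(old):]
    if new.startswith(old + ".") and "/" not in suffix:
        return suffix[1:]
    return None

def find_bursts(lines, window=timedelta(seconds=60), threshold=5):
    """Flag accounts that append one extension to >= threshold files within window."""
    events = defaultdict(list)  # (account, extension) -> [(time, share)]
    for line in lines:
        if not line.strip():
            continue
        ts, account, old, new = line.strip().split("|")
        ext = appended_extension(old, new)
        if ext:
            share = "/".join(old.split("/")[:4])  # keeps //host/share
            events[(account, ext)].append((datetime.fromisoformat(ts), share))
    findings = []
    for (account, ext), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                findings.append({"account": account, "extension": ext,
                                 "count": len(hits),
                                 "shares": sorted({s for _, s in hits})})
                break
    return findings

if __name__ == "__main__":
    for finding in find_bursts(SAMPLE_LOG.splitlines()):
        print(finding)
```

The window and threshold are assumptions to tune against normal activity; ordinary renames and occasional `.bak` copies in the sample stay below the threshold and are not flagged.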
How to Protect Against LockBit Green
Prevention is the best defense against LockBit Green and other ransomware attacks. Here are some best practices to protect against ransomware attacks:
- Keep software and operating systems up to date with the latest security patches and updates.
- Use strong passwords and enable two-factor authentication to protect against unauthorized access to devices and accounts.
- Educate employees and staff on how to recognize and avoid phishing emails and suspicious links or attachments.
- Use antivirus and antimalware software to detect and remove threats from devices and networks.
- Regularly back up important data to prevent data loss in case of a ransomware attack.
What to Do if Infected by LockBit Green
If you are infected by LockBit Green or any other ransomware, it’s important to act quickly to minimize the damage and increase the chances of data recovery. Here are some steps to take if you are infected by LockBit Green:
- Disconnect from the Internet: The first step is to disconnect the infected device from the internet to prevent further data loss and to stop the ransomware from spreading to other devices on the network.
- Identify the Ransomware: Identify the type of ransomware that has infected your device. This information will help you find the right tools and resources to remove the ransomware and recover your data.
- Report the Ransomware to Authorities: Report the ransomware attack to law enforcement agencies and other relevant authorities. This can help track the attackers and prevent further attacks.
- Isolate the Infected Device: Isolate the infected device from the network to prevent the ransomware from spreading to other devices on the network.
- Do Not Pay the Ransom: Do not pay the ransom, as this does not guarantee that the attackers will provide the decryption key, and it also encourages further ransomware attacks.
- Try to Recover Data: Use data recovery tools and services to recover as much data as possible. If you have backups of your data, you can use them to restore your files and avoid paying the ransom.
- Seek Professional Help: If you are unable to remove the ransomware and recover your data, seek the help of professional cybersecurity experts who specialize in ransomware removal and data recovery.
The Takeaway
LockBit Green is a new variant of the LockBit ransomware that is designed to target cloud-based services, making it a serious threat to companies and organizations that rely on cloud computing. The new variant uses a Conti-based encryptor, which makes it difficult to detect and recover encrypted data. To protect against ransomware attacks like LockBit Green, it’s important to keep software and operating systems up to date, use strong passwords and two-factor authentication, educate employees on how to recognize and avoid phishing emails, and regularly back up important data. If you are infected by LockBit Green, take immediate action to isolate the infected device, report the attack to authorities, and seek the help of professional cybersecurity experts to remove the ransomware and recover your data.