skout-blog

Cybersecurity Threat Advisory 0058-21: Lockbit Ransomware Is On The Rise

Threat Update

Global consulting firm Accenture was recently hit by a ransomware attack that was allegedly carried by the ransomware group, LockBit.

In response, SKOUT has updated their threat intelligence to include key indicators of compromised and developed custom rules to detect LockBit ransomware.

Technical Detail & Additional Information

WHAT IS THE THREAT?

LockBit ransomware is a malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically scan for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations.

WHY IS IT NOTEWORTHY?

The cyber intelligence firm Cyble reported that LockBit 2.0 sought a $50 million ransom for six terabytes of data that they were able to retrieve from Accenture. Cybercrime intelligence company Hudson Rock reported that 2,500 computers of employees and partners were compromised.

WHAT IS THE EXPOSURE OR RISK?

Regarding this current attack on Accenture, the ransomware group claims to have an inside agent that is still currently working within the company. Although it is likely a scare tactic, standard security procedures such as “least privilege” become even more imperative to follow to shrink attack vectors.

WHAT ARE THE RECOMMENDATIONS?

SKOUT recommends that IT professionals reassess and simplify user account permissions as well as clean out outdated and unused accounts. In addition, having system wide backups and clean local machine images prepared can be crucial in the event of an attack.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.