Blake Dowling
Ransomware first came on the scene in 1989 via hackers mailing out a floppy disk.
Called the AIDS trojan; if you put the disk in your computer it would lock up. You were then asked to send $189 to a P.O. Box in Panama to restore your computer.
Times have changed. In recent years, ransomware sometimes asks for millions of dollars in payments to restore infected systems.
Working in technology for over 25 years, ransomware is the worst cyber threat I have ever seen.
The cyber threat group Lockbit is now the No. 1 player on the ransomware scene. They are behind almost half (44%) of the reported attacks in the world last year, according to Deep Instinct, an Israeli cybersecurity company.
Mind you, this is not a rag-tag band of digital thieves; they operate like any legitimate large business. They utilize a network of subcontractors (they call them affiliates, like Mary Kay) to distribute malware by selling ransomware tool kits on the dark web (RAAS — ransomware as a service).
Once that happens, an up-and-coming hacker goes on the dark web, buys the tool kit, and then distributes it (via email attacks and other hacks).
Once they have a victim and receive payment, they share it with Lockbit.
Having a highly effective distribution system is not the only corporate similarity. They have a robust PR team and they do interviews with the media.
Let’s not forget marketing too, they run ads online to recruit affiliates. Shady forums like XSS (Russian hacker forum) have some of their ads, you can check them out here on this non-dark website.
Lockbit also invests in R & D — speaking of that and Russian dark web forums, let’s go back to what Lockbit did in June 2022 when the pandemic was heating up. Lockbit sponsored a contest together on the dark web with a cash prize for an innovative paper on new methods of cybercrime, hacking, viruses, malware, etc. This is the first time I have heard of anything like this and it’s a frightening indicator of the people behind this gang.
They sponsor hacking initiatives and by doing so are coaching up the next generation of hackers and separating the script, kids (hacker lingo) from the real bad actors.
Envision Credit Union in Tallahassee knows this group and its methods firsthand.
Lockbit threatened to release Envision’s data to the public unless their ransom was paid in the Summer of 2021 reported by TaMaryn Waters of the Tallahassee Democrat.
And she quotes yours truly in the article:
“Gift card scams and other phishing attempts are a headache, but a systemwide ransomware incident can bring an entire organization down with the click of a button,” Dowling said. “Most email ransomware attacks are targeting certain people in certain departments using social engineering (finding contact info on websites and social media. Ransomware is the most devious cyber threat facing the business community.”
Amen to that.
Envision is not alone; our friends at PC Matic (thank you Corey Munson for the good work you all do) put together a list of high-profile ransomware attacks in Florida.
They range from Broward County Public Schools, Miami Beach Police Department, Tampa Bay Times and, of course, the multiple millions paid out in Riviera Beach and Lake City that we have heard about in the past.
The latest victims of Lockbit appear to be the mail service in Britain, which, as of this week, is experiencing an outage at the hands of these hackers.
Lockbit is innovating, growing, and using a network of subcontractors much like any successful entity.
Unfortunately, their success means the public suffers.
This gang is not going away anytime soon, as they are harbored in a country willing to overlook what they are up to — or are paying them. Regardless, the old cyber gangs Conti, REvil, and Darkside are out and the new No. 1 threat is Lockbit.
The damage from ransomware is hard to calculate as most victims, like many crimes, do not want to discuss it. In fact, they hide it fearing damage to their brand. Plus, hackers don’t pay taxes, so my guess on total damages is as good as yours, but conservative estimates are hundreds of millions of dollars.
CNBC goes so far as to say ransomware payments crossed the billion-dollar mark last year.
Lockbit and other hacking enterprises are after all of us: elected officials, banks, lobbyists, schools, hospitals, and media. It is up to you to protect yourself.
Deploy two-factor authentication, run email attack simulations, install redundant backups, hold cyber training and invest in advanced threat protection tools, and, most importantly, don’t click on emails you are not expecting, or you could be next on the list, on the news and scrambling to recover.
___
Blake Dowling is CEO of Aegis Business Technologies and, as a courtesy, you can watch this cyber training we made for our clients; if it can stop one person reading this from clicking a threat and being hacked, our job here is done: Aegis cybersecurity presentation — YouTube.
