What is LockBit ransomware and how is it specifically targeting Apple computers?

Source: The post is based on the article “What is LockBit ransomware and how is it specifically targeting Apple computers?” published in The Hindu on 24th April 2023

What is the News?

Reports have emerged that LockBit ransomware was found to be targeting Mac devices.

What is LockBit ransomware?

LockBit ransomware was first reported in 2019. It has been dubbed as the “abcd” virus due to the file extension used when encrypting victims’ files.

It is designed to infiltrate victims’ systems and encrypt important files. The virus is categorized as a “crypto virus” due to its requests for payment in cryptocurrency to decrypt files on the victim’s device. 

The ransomware is therefore typically deployed against victims who feel hindered enough by the disruption to pay heavy sums in exchange for access to the files and can afford to do so.

How does LockBit ransomware work?

It works as a self-spreading malware, not requiring additional instructions once it has successfully infiltrated a single device with access to an organizational intranet.

It is also known to hide executable encryption files by disguising them in the .png format, thereby avoiding detection by system defences.

Attackers use phishing tactics and other social engineering methods to impersonate trusted personnel or authorities to lure victims into sharing credentials.

Once it has gained access, the ransomware prepares the system to release its encryption payload across as many devices as possible.

It then disables security programs and other infrastructures that could permit system data recovery. The goal is to ensure that data recovery without assistance from the LockBit gang is impossible.

After this, they leave behind a ransom note, with instructions to restore the system, and has reportedly also included threatening blackmail messages.

Victims are then left with no choice but to contact the LockBit gang and pay up for the data, which the gang may sell on the dark web — whether the ransom is paid or not.

How one can protect systems against LockBit ransomware?

Organizations and individuals can take certain steps to increase resilience against such cyber threats such as:

– Use of strong passwords, with strong variations of special characters which are not easy to guess along with multi-factor authentication should be implemented.

– Undertake training exercises to educate employees on the use of phishing attacks and their identification. 

– Old and unused user accounts should be deactivated and closed as they can become weak links in the security apparatus. 

– Organizations should have an understanding of cybersecurity threats and vulnerable points that may be exploited by cybercriminals.