This is a frighteningly fast attack:
[…] In a new joint report by the researchers at McAfee Labs and cybersecurity firm Northwave, who handled the incident response, we get insight into how a LockBit ransomware affiliate hacked into a corporate network and encrypted approximately 25 servers and 225 workstations.
All of this was done in just three hours.
According to Patrick Van Looy, a cybersecurity specialist for Northwave, the hackers gained access to the network by brute-forcing an administrator account through an outdated VPN service.
While most cyberattacks require the hackers to gain access to administrative credentials after breaching a network, as they already had an admin account, they were one step ahead and could quickly deploy the ransomware on the network.
“In this specific case it was a classic hit and run. After gaining access through brute-forcing the VPN, the attacker almost immediately launched the ransomware (which he could with the administrator account that he had access to). It was around 1:00 AM that the initial access took place, after which the ransomware was launched and at around 4:00 AM the attacker logged off. This was the only interaction that we have observed,” Looy told BleepingComputer via email.