The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help with network breaches and encryption. In return, insiders are promised a million dollars.
Many ransomware gangs operate as Ransomware-as-a-Service: a core group of developers maintains the ransomware and payment sites, while affiliates compromise victims’ networks and encrypt devices.
The ransom payments made by the victim are split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount.
However, affiliates often purchase access to the network from other third-party pentesters rather than breaching the company themselves.
With LockBit 2.0, the ransomware gang is trying to eliminate these intermediaries and instead recruit insiders to provide access to corporate networks.
LockBit 2.0 promises insiders millions of dollars
In June, the LockBit ransomware operation launched its new LockBit 2.0 Ransomware-as-a-Service.
This relaunch included a redesigned Tor site and a number of advanced features, including automatic encryption of devices on the network through Group Policy.
With this relaunch, LockBit also changed the Windows wallpaper placed on encrypted devices so that it offers “millions of dollars” to company insiders who provide access to networks where they have accounts.
The full text, with contact information redacted, explains that LockBit is looking for RDP, VPN, and corporate email credentials that can be used to access the network.
The ransomware gang also states that it will send insiders a “virus” that they should run on a computer, giving the ransomware gang remote access to the network.
“Do you want to make millions of dollars?
We gain access to various enterprise networks and insider information that helps us steal the enterprise’s most valuable data.
You can provide accounting data about access to any company, such as RDP, VPN, corporate email logins and passwords. Please open our letter by email. Launch the provided virus on any computer in your company.
Enterprises pay foreclosures to decrypt files and prevent data breaches.
You can communicate with us via Tox Messenger.
When I use Tox Messenger, I don’t know my real name. In other words, privacy is guaranteed.
For inquiries, please use ToxID: xxxx”
When I first saw this message, it seemed counterintuitive to hire an insider from an already compromised network.
However, this message may be intended for an external IT consultant who may see the message while responding to an attack.
This tactic may sound ridiculous, but it’s not the first time threat actors have tried to hire employees to encrypt a company’s network.
In August 2020, the FBI arrested Russian citizens for recruiting Tesla employees to plant malware on the network of Tesla’s Nevada Gigafactory.
LockBit ransomware recruiting insiders to compromise corporate networks