- LockBit jumps in to fill the gaps left by the departure of popular RaaS programs, launching ‘LockBit 2.0’.
- The new RaaS program promises to offer the fastest encryption and data exfiltration available out there.
- LockBit has gone through a period of inactivity in the past six months but has now identified an opportunity.
At the same time that several big ransomware groups are throwing in the towel, others are getting arrested, and some are laying low, we see new groups of actors willing to fill the vacuum and old ones deciding to reboot their operations. The latest example of the latter comes from LockBit, which, according to KELA, has just announced the start of the LockBit 2.0 affiliate program. This is a call to all ransomware crooks out there to consider joining in and benefiting from a new toolset that is allegedly superior to anything else in circulation.
First of all, LockBit 2.0 promises to offer the fastest data exfiltration in the market through a new tool called ‘StealBit,’ which is also advertised as supporting real-time compression and drag-and-drop functionality and as remaining hidden from security tools. According to LockBit’s promise, it can download 100 GB of data from compromised systems in just under 20 minutes.
This is very important for ransomware actors because the quicker they exfiltrate the data, the lower the chances of being discovered and stopped in the process. Stealing that data is the whole point of ransomware attacks today because this data is often the only reason victims pay the demanded ransom.
The same promise is made for the encryption itself, as LockBit claims to have the “fastest encryption software in the world,” so that part of the ransomware infection is also promoted as superior to anything else out there. The only thing that the actors have to do is establish access to the core server, and the software will handle the rest.
Partners of the LockBit 2.0 program will also enjoy the following advanced functions and features:
- Administrator panel in Tor
- Auto-tests for decryptor functionality
- Blocking of process launching during encryption
- Fully-fledged port scanner
- Push notifications in the chat room
- Auto-clearing of logs in compromised networks
- Auto-launch of computers via Wake-on-LAN
- Printing out demands on all printers connected to the compromised network
- Auto-distribution in the compromised network
- Removal of shadow copies that can be used for backup restoration
The last time we covered LockBit news, it was for a very high-profile attack against the Swiss helicopter maker ‘Kopter,’ which suffered a breach through a vulnerable Pulse Secure VPN installation. Now, LockBit is launching a fresh RaaS program to lure in all those actors who have been using DarkSide, Clop, Avaddon, etc., hoping to gain some serious cash over the next couple of months.