LockBit Returns to the Ransomware Space With the Launch of a New Affiliate Program

  • LockBit jumps to fill in the gaps left by the departure of popular RaaS, launching the ‘LockBit 2.0’.
  • The new RaaS program promises to offer the fastest encryption and data exfiltration available out there.
  • LockBit has gone through a period of inactivity in the past six months but has now identified an opportunity.

At the same time that several big ransomware groups are throwing the towel, others getting arrested, and some laying low, we see new groups of actors willing to fill in the vacuum and old ones deciding to reboot their operations. The latest example of that second leg comes from LockBit, who, according to KELA, have just announced the start of the LockBit 2.0 affiliate program. This is a call to all ransomware crooks out there to consider joining in and benefiting from a new toolset that is allegedly superior to anything else circulating out there.

First of all, LockBit 2.0 promises to offer the fastest data exfiltration in the market through a new tool called ‘StealBit,’ which also supports real-time compression and drag-and-drop functionality and remains hidden from security tools. Based on LockBit’s promise, it can download 100 GB of data from compromised systems in just under 20 minutes.

Source: KELA | Twitter

This is very important for ransomware actors because the quicker they exfiltrate the data, the fewer the chances of being discovered and stopped in the process. Stealing that data is the whole point of ransomware attacks today because this data is often the only reason victims pay the demanded ransom.

The same promise is made for the encryption itself, as LockBit claims to have the “fastest encryption software in the world,” so that part of the ransomware infection is also promoted as superior to anything else out there. The only thing that the actors have to do is establish access to the core server, and the software will undertake all the rest.

Source: KELA | Titter

Partners of the LockBit 2.0 program will also enjoy the following advanced functions and features:

  • Administrator panel in Tor
  • Auto-tests for decryptor functionality
  • Blocking of process launching during encryption
  • Fully-fledged port scanner
  • PUSH notifications on chat room
  • Auto-clearing logs in compromised networks
  • Auto-launch of computers via Wake-on-Lan
  • Printing out demands on all printers connected in the compromised network
  • Auto-distribution in the compromised network
  • Removal of shadow copies that can be used for backup restoration

The last time we covered LockBit news was a very prestigious attack against the Swiss helicopter maker ‘Kopter,’ who suffered a breach through a vulnerable Pulse Secure VPN installation. Now, LockBit is launching a fresh RaaS program to lure in all those actors who have been using DarkSide, Clop, Avaddon, etc., hoping to gain some serious cash over the next couple of months.



Intel Revises Manufacturing Process Development Roadmap and it Looks Promising

Intel declares ready to leave the ear of massive delays behind and finally get back on track.The American chipmaker promises to release...

Kazakhstan Blocks LinkedIn Over Illegal Casino Advertisements and Fake Accounts

Kazakhstan says LinkedIn violated its online advertisement rules and posted casino ads on the platform.For this reason and also for the existence...

Monero Bug May Have Exposed the Privacy of Transactions for a Small Number of Users

Monero transactions could be de-obfuscated thanks to a nasty bug in the decoy algorithm.The flaw affects transactions made quickly after a user...