Interpol: Lockbit ransomware attacks affecting American SMBs

American medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world.

The report was produced by Interpol's Cybercrime Directorate and it includes data from 48 Interpol member countries and 4 private partners, as well as info and analysis from Interpol's Cybercrime Threat Response (CTR) unit and its Cyber Fusion Centre (CFC).

"The resulting analysis was supplemented by information provided by private sector partners and the INTERPOL Regional Working Groups on Cybercrime," the Interpol says.

American SMBs in LockBit's line of fireAs part of a short summary of regional cybercrime trends, the International Criminal Police Organization (Interpol) says [PDF] that "a ransomware campaign carried out mainly through LOCKBIT malware is currently affecting medium-sized companies in some countries within this region."

LockBit, a human-operated Ransomware-as-a-Service (RaaS) operation that surface in September 2019 as a private operation targeting enterprises and later observed by Microsoft while targeting healthcare and critical services.

This ransomware strain's operators use the publicly available CrackMapExec penetration testing tool to move laterally once they get a foothold on a victim's network.

Two months ago, LockBit partnered with Maze ransomware's operators to create an extortion cartel that allows them to share the same data leak platform during their operations and to exchange tactics and intelligence.

Maze later told BleepingComputer that other ransomware groups might join this collaborative effort to generate ransom payments.

Full article on https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/

#ransomware #smb #usa #lockbit #yokdata #protection