[MART] - Daily Diary #440 - Lockbit Goes Multi-platform

[CTAS-MAT]

Hello,
I hope everyone is doing well!

Below is the entry for today.

27/01/2021 - Diary entry #440

In our Daily Diary #315 we covered LockBit2.0. Lockbit was also featured in multiple of other Daily Diaries (like #371 covering the attack on Atento and #325 covering the attack on Accenture) as it's been one of the most dangerous families nowadays.

This week a new Lockbit operation was disclosed, with a new sample targeting Linux Systems. The new sample added support for VMWare ESXi virtual machines. After infecting the server, Lockbit can gather information about the ESXi server running and the virtual machines under it, stop the machines running, and finally encrypt them using AES + ECC algorithms.

Lockbit is not the first Ransomware to add capability to multi-platform, neither to focus their attacks on virtual machine hypervisors. In our Daily Diaries #429 and #199 we covered AvosLocker and RansomEXX adopting a similar approach. This incident is yet another proof that ransomware operations are going multi-platform, and with the adoption of cloud computing, disrupting Virtual Machine Hypervisors is becoming very attractive to cybercrime.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220127/98329f8e/attachment.htm>