Cybercriminals have started using LockBit’s popularity to intimidate their victims in a new wave of attacks, while disguising their actions as this ransomware.
Ransomware criminal groups have started using Amazon’s S3 Transfer Acceleration feature to speed up the transfer of victims’ data to their servers. They disguise their attacks as LockBit, hoping to take advantage of its infamous reputation to force victims to pay the ransom. Trend Micro discovered that attackers used built-in AWS keys to steal data and then upload it to S3 buckets. They also develop tools capable of attacking both Windows and macOS. After encrypting files, criminals change the device’s wallpaper to a message from LockBit 2.0, forcing victims to pay a ransom.
This wave of attacks is part of a global rise in cybercrime, including the use of cloud technology to steal and store data. Companies like Gen Digital are already trying to release tools to decrypt data previously encrypted by other malware like Mallox. However, attackers continue to improve their tools, including switching to the Rust language in new versions of their programs. The decline in LockBit attacks following law enforcement operations allowed other groups such as Akira and Qilin to take a leading position in the ransomware world.
Criminals’ use of LockBit’s reputation to mask their own attacks shows how vulnerable organizations remain to new cybercriminal tactics. With the development of technologies such as cloud services, criminals are finding new ways to steal data and intimidate their victims.