ACSC Warns Of Ransomware As Canberra Steps In
The Australian Cyber Security Centre has issued an alert about a ransomware attack by criminals using malware called LockBit 2.0.
The ACSC says multiple organisations across various industry sectors have been impacted, but hasn’t identified which entities are involved.
The malware restricts access to corporate files and systems by encrypting them into a locked and unusable format.
This latest attack comes as the Federal Government proposes a sweeping bill to address a wave of cyber-attacks on Australian organisations.
The bill would allow Canberra’s digital security agencies to intervene in companies’ networks to address severe cyberattacks.
Google, Amazon and Atlassian, however, have slammed the proposals, saying their company operations are far too large and complex for the government to be involved in mitigating to a threat.
Believed to have originated in Russia, the ACSC says LockBit threat actors are actively exploiting existing vulnerabilities in the Fortinet FortiOS and FortiProxy products identified as CVE-2018-13379 in order to gain initial access to specific victim networks.
LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, since 2020, according to the ACSC.
They implement what is called the ‘double extortion’ technique, which involves uploading stolen and sensitive victim information to the dark web site ‘LockBit 2.0’.
The ACSC says LockBit is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided a percentage of the illicitly gained profits are shared with the LockBit operators as commission.
The LockBit 2.0 site is hosted on The Onion Router (ToR) network, enabling greater anonymity to LockBit threat actors hosting illicitly obtained material.