@itpro.com
// 11d
Advanced Computer Software Group, an NHS software supplier, has been fined £3 million by the Information Commissioner's Office (ICO) for security failures that led to a disruptive ransomware attack in 2022. The ICO determined that Advanced Computer Software Group failed to implement appropriate security measures prior to the attack, which compromised the personal information of tens of thousands of NHS patients. The LockBit ransomware group was identified as the perpetrator, gaining access through a customer account lacking multi-factor authentication (MFA).
Personal information belonging to 79,404 people was taken in the attack, including checklists telling carers and medics how to gain entry to the homes of 890 people receiving care at home. The ICO cited gaps in applying MFA policies across the organization, a lack of vulnerability scanning, and inadequate patch management as the primary facilitators of the attack.
Pierluigi Paganini@Security Affairs
// 22d
References: securityaffairs.com, BleepingComputer
The LockBit ransomware group, which has hit numerous organizations worldwide, has suffered a significant setback with the extradition of Rostislav Panev to the United States. Panev, a dual Russian-Israeli national, is suspected of being a key developer for the LockBit operation. He was arrested in Israel last August, where authorities found incriminating evidence on his laptop, including credentials for LockBit's internal control panel and source code for LockBit encryptors and the gang's StealBit data theft tool.
Panev is accused by the U.S. Department of Justice of developing LockBit's ransomware encryptors and StealBit; the complaint documents payments to him from the operation between June 2022 and February 2024. The LockBit ransomware group has been active since 2019 and has impacted over 2,500 victims across 120 countries. The extradition is a major step in holding individuals accountable for their roles in the widespread damage caused by LockBit ransomware.
Lorenzo Franceschi-Bicchierai@techcrunch.com
// 24d
Rostislav Panev, a dual Russian-Israeli national suspected of being a key developer for the notorious LockBit ransomware operation, has been extradited to the United States. Panev was arrested in Israel in August 2024 following a U.S. provisional arrest request and has now made an initial appearance before a U.S. magistrate, where he was detained pending trial. U.S. authorities allege that Panev played a crucial role in developing the LockBit ransomware from its inception around 2019 through February 2024.
Panev is accused of developing code and maintaining infrastructure for LockBit. The U.S. Department of Justice (DoJ) stated that Panev and his co-conspirators grew LockBit into one of the most active and destructive ransomware groups globally. LockBit operators and affiliates have extracted at least $500 million in ransom payments from victims, causing billions of dollars in lost revenue and recovery costs. The complaint against Panev follows charges brought against other LockBit members, including its alleged primary creator, developer, and administrator, Dmitry Yuryevich Khoroshev, for whom the U.S. is offering a reward of up to $10 million.
Pierluigi Paganini@Security Affairs
// 38d
References: securityaffairs.com, The420.in
The LockBit ransomware group has targeted newly appointed FBI Director Kash Patel with an alleged "birthday gift" of leaked classified documents. LockBitSupp, the group's alleged leader, posted a message on February 25, 2025, mocking Patel and claiming the group possesses sensitive data that could "destroy" the FBI. The claim, whether or not it holds up, underlines the risk of breaches aimed at high-profile individuals and agencies.
The post, found on LockBit's dark web leak blog, describes an "archive of classified information" containing over 250 folders of material dating back to May 29, 2024, and presents it as a "guide, roadmap, and some friendly advice" for the new FBI Director. The ransomware cartel's move is a bold threat, highlighting the growing audacity of cybercriminals targeting government entities and their leadership.
@cyberinsider.com
// 50d
Dutch Police have dismantled the ZServers/XHost bulletproof hosting operation, seizing 127 servers. The takedown follows a year-long investigation into the network, which has been used by cybercriminals to facilitate illegal activities. This includes the spread of malware, botnets, and various cyberattacks.
Earlier this week, authorities in the United States, Australia, and the United Kingdom announced sanctions against the same bulletproof hosting provider for its involvement in cybercrime operations. ZServers was accused of facilitating LockBit ransomware attacks and of helping the cybercriminals launder illegally obtained money, according to The Record. The Cybercrime Team Amsterdam will conduct a further examination of the servers, as the company advertised that customers could run criminal operations from its infrastructure while remaining anonymous to law enforcement.
Cybereason Security Services Team@Blog
// 65d
The Phorpiex botnet, previously known for spam and cryptocurrency mining, has been observed distributing LockBit Black ransomware, also known as LockBit 3.0. This is a significant shift in the botnet's operations toward automated ransomware deployment through compromised websites and phishing emails. The chain begins with phishing emails carrying malicious SCR (screensaver executable) files. When a file is executed, it connects to a command-and-control server, downloads the LockBit binary, and executes the ransomware payload, which begins encrypting files.
Unlike the usual hands-on-keyboard ransomware operation, with human operators and attempts at lateral movement within the network, this variant executes LockBit immediately, reducing the attack's footprint and making it harder to detect. Phorpiex and LockBit employ several anti-detection techniques, such as deleting URL cache entries, obfuscating function calls and removing Zone.Identifier metadata (the mark of the web from the downloaded file), and they modify the Windows registry so the ransomware runs automatically. The case illustrates the growing use of botnets as a delivery channel for ransomware.
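As an added example (not code from the article or from Cybereason), the following Python correlates the stages of the chain described above in Sysmon-style endpoint telemetry: a .scr started from a user-writable path by a mail client or the shell, an outbound connection from that process, a child process it spawns, and a Run-key write by any process in that lineage. The event records, hosts, GUIDs, paths and the IP address are constructed for the example; the Sysmon event IDs used (1, 3 and 13) are real. Removal of the Zone.Identifier stream is not modelled here, since that is easier to verify on the file itself than in process telemetry.

```python
"""Correlating the Phorpiex-to-LockBit Black chain in endpoint telemetry.

Added example: not code from the original page or from Cybereason.
The records below are constructed to look like Sysmon events (EventID 1
process create, 3 network connection, 13 registry value set are the real
Sysmon IDs); every host, GUID, path and IP address is invented.
"""
import ipaddress

# Constructed sample telemetry. 203.0.113.0/24 is a documentation range,
# used here only as a stand-in for an external C2 address.
SAMPLE_EVENTS = [
    # ws01: Outlook launches a .scr from Temp (the phishing lure)
    {"EventID": 1, "Host": "ws01", "ProcessGuid": "A1", "ParentProcessGuid": "P0",
     "Image": r"C:\Users\jo\AppData\Local\Temp\invoice.scr",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    # ... which calls out to an external host (fetching the LockBit binary)
    {"EventID": 3, "Host": "ws01", "ProcessGuid": "A1",
     "DestinationIp": "203.0.113.7", "DestinationPort": 80},
    # ... spawns the downloaded payload
    {"EventID": 1, "Host": "ws01", "ProcessGuid": "A2", "ParentProcessGuid": "A1",
     "Image": r"C:\Users\jo\AppData\Local\Temp\lb.exe",
     "ParentImage": r"C:\Users\jo\AppData\Local\Temp\invoice.scr"},
    # ... and the payload persists itself in the user's Run key
    {"EventID": 13, "Host": "ws01", "ProcessGuid": "A2",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\lb"},
    # ws02: a legitimate screensaver started from System32 (must not alert)
    {"EventID": 1, "Host": "ws02", "ProcessGuid": "B1", "ParentProcessGuid": "P1",
     "Image": r"C:\Windows\System32\Bubbles.scr",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # ws03: a lure-like .scr from Downloads, but nothing further happens
    {"EventID": 1, "Host": "ws03", "ProcessGuid": "C1", "ParentProcessGuid": "P2",
     "Image": r"C:\Users\al\Downloads\photo.scr",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

USER_WRITABLE = ("\\users\\", "\\temp\\", "\\downloads\\", "\\appdata\\")
LURE_PARENTS = {"outlook.exe", "explorer.exe", "winword.exe", "excel.exe"}
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
# Adjust to your own address space. ipaddress.is_private is deliberately not
# used: it also classifies documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
STAGES = ("scr", "c2", "child", "run_key")


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_lure_scr(ev):
    """Stage 1: a .scr started from a user-writable path by a mail client or shell."""
    if ev["EventID"] != 1:
        return False
    image = ev["Image"].lower()
    return (image.endswith(".scr")
            and any(marker in image for marker in USER_WRITABLE)
            and _basename(ev["ParentImage"]) in LURE_PARENTS)


def detect_chain(events, min_stages=3):
    """Return one alert per lure .scr that reached at least min_stages of the chain."""
    parent_of = {}
    chains = {}
    # Pass 1: process lineage and stage-1 candidates (order-insensitive).
    for ev in events:
        if ev["EventID"] == 1:
            key = (ev["Host"], ev["ProcessGuid"])
            parent_of[key] = (ev["Host"], ev["ParentProcessGuid"])
            if is_lure_scr(ev):
                chains[key] = {"host": ev["Host"], "scr": ev["Image"],
                               "c2": None, "child": None, "run_key": None}

    def root_for(key):
        """Walk up the parent chain to the flagged .scr, if there is one."""
        seen = set()
        while key in parent_of and key not in seen:
            if key in chains:
                return key
            seen.add(key)
            key = parent_of[key]
        return key if key in chains else None

    # Pass 2: attribute later activity to the lure process or its descendants.
    for ev in events:
        key = (ev["Host"], ev["ProcessGuid"])
        if ev["EventID"] == 3:
            root = root_for(key)
            ip = ev.get("DestinationIp", "")
            if root and ip and not is_internal(ip):
                chains[root]["c2"] = ip
        elif ev["EventID"] == 1:
            root = root_for((ev["Host"], ev["ParentProcessGuid"]))
            if root:
                chains[root]["child"] = ev["Image"]
        elif ev["EventID"] == 13:
            root = root_for(key)
            if root and any(k in ev["TargetObject"].lower() for k in RUN_KEYS):
                chains[root]["run_key"] = ev["TargetObject"]

    alerts = []
    for chain in chains.values():
        chain["stages"] = sum(1 for s in STAGES if chain[s])
        if chain["stages"] >= min_stages:
            alerts.append(chain)
    return sorted(alerts, key=lambda c: (-c["stages"], c["host"]))


if __name__ == "__main__":
    for a in detect_chain(SAMPLE_EVENTS):
        print(f"{a['host']}: {a['stages']}/4 stages, lure={a['scr']}, "
              f"c2={a['c2']}, persistence={a['run_key']}")
```

With the default threshold only ws01 alerts: the lone lure on ws03 scores one stage and is left for lower-priority hunting, and the System32 screensaver on ws02 never qualifies as a lure. Lowering `min_stages` trades precision for earlier warning; in a real deployment the lineage walk should also cover Sysmon DNS (event 22) and file-create (event 11) records so the downloaded binary is tied to the chain before it runs.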