The town of St. Marys, Ontario is one of the latest victims of a successful ransomware attack. The small town was struck on the 20th of July, when it realized its internal server had been hacked and encrypted. According to reports, St. Marys municipal services such as fire, police, transit, water, and wastewater systems were not impacted and are operating as usual. The town stated that it was able to isolate the incident from its network and is currently working with local law enforcement and other agencies regarding the attack. The LockBit cartel gave the town a deadline to pay the ransom or have its data published online.
LockBit Cartel and LockBit Ransomware
Who is the LockBit Cartel? This ransomware group is not exactly a “cartel”: it is several large ransomware groups that have partnered up to form one large cybercrime organization. The members share hacking techniques, purloined data-breach information, malware code, and technology infrastructure. The most active collaborators are Wizard Spider, Twisted Spider, Viking Spider, and LockBit. The groups in this cybercrime organization jointly control access to illicit data leak sites and custom ransomware code. The LockBit organization has been active since 2019 and is becoming more sophisticated and more powerful.
Attacks linked to the LockBit cartel:
• The University of Detroit Mercy
• National College University
• Mercyhurst University in Pennsylvania
• Val Verde Regional Medical Centre in Texas
• City of Plainview in Minnesota, Hercules in California
• Brownsville Public Utilities Board
• Gordon County in Georgia
• City of Colona in Illinois
LockBit ransomware is a type of malicious software designed to block access to computer systems in exchange for a ransom payment. It is used for highly targeted attacks against enterprises and other organizations. LockBit was formerly known as “ABCD” ransomware when it was first used in 2019, and it has since grown into a unique threat within the scope of these extortion tools. LockBit functions as a RaaS (ransomware-as-a-service). Under a RaaS model, willing parties pay to use custom for-hire attacks and profit under an affiliate framework.
According to Kaspersky, “LockBit ransomware is considered by many authorities to be part of the ‘LockerGoga & MegaCortex’ malware family.” The most significant ability of LockBit ransomware is that it can self-propagate, meaning it can spread on its own. LockBit is designed to be directed by a pre-designed automation process. This sets it apart from other ransomware attacks, which are driven by operators manually living in the network to complete recon and surveillance. LockBit ransomware also hides the encrypting executable by disguising it as a common .PNG image file. This ability to hide files makes it capable of deceiving system defenses.
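The mismatch between a .PNG name and executable content, as described above, can be checked from the defender's side. The following is an added example, not code from this post or from Kaspersky: it walks a directory and reports files named .png whose first bytes are not the PNG signature. The function names are hypothetical and the sample files are constructed.

```python
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # 8-byte signature every real PNG starts with
EXEC_MAGICS = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}

def classify(path):
    """Return None for a real PNG header, else a short description of the mismatch."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head == PNG_MAGIC:
        return None
    for magic, label in EXEC_MAGICS.items():
        if head.startswith(magic):
            return label
    return "not a PNG (unknown content)"

def find_disguised_pngs(root):
    """Walk root; return sorted (path, reason) for each .png whose content is not PNG."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".png"):
                continue  # only files that claim to be PNG images are in scope
            path = os.path.join(dirpath, name)
            try:
                reason = classify(path)
            except OSError as exc:
                reason = f"unreadable: {exc.strerror}"
            if reason:
                findings.append((path, reason))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed sample files (no real malware) into root."""
    samples = {
        "logo.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR",  # genuine PNG header
        "invoice.PNG": b"MZ\x90\x00" + b"\x00" * 60,    # PE header behind a .PNG name
        "notes.png": b"hello",                          # neither PNG nor executable
        "tool.exe": b"MZ\x90\x00",                      # honest executable, out of scope
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reason in find_disguised_pngs(tmp):
            print(f"{os.path.basename(path)}: {reason}")
```

A file that keeps a valid PNG header and carries its payload elsewhere would pass this check, so treat it as a triage step rather than a verdict.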
Where Could Dell Help?
Dell Technologies has several solutions within the data protection portfolio that could help reduce the chances of a successful ransomware attack or help get an organization's data restored without the risk of losing data. The solutions I would highly recommend are APEX Backup Services and APEX Cyber Recovery. These two are Dell’s latest SaaS solutions that can back up organizations' data into a secure vault. The vault is located off of the network, and all data is encrypted into an unreadable form that only those with an encryption key can retrieve and read. With APEX Cyber Recovery, organizations can have peace of mind that their data is recoverable at any time, with the option of assistance from a Dell technician along the way. If you want to learn more about these options, check out the links below. Also, I have a few pieces that I have written about the APEX solutions as well as other data protection solutions. That link can also be found below in the Links section.
Kaspersky. (n.d.). LockBit Ransomware — What You Need to Know. Kaspersky. Retrieved July 26, 2022, from https://www.kaspersky.com/resource-center/threats/lockbit-ransomware
Patterson, D. (2021, July 22). The World's Top Ransomware Gangs Have Created a Cybercrime “Cartel.” CBS News. Retrieved July 26, 2022, from https://www.cbsnews.com/news/ransomware-cybercrime-cartel-wizard-spider-viking-spider-lockbit-twisted-spider/
Petkauskas, V. (2022, July 25). LockBit Targets Small Canadian Town With Extortion. Cybernews. Retrieved July 26, 2022, from https://cybernews.com/news/lockbit-targets-small-canadian-town-with-extortion/
Trevithick, M. (2022, July 22). St. Marys, Ont. Grapples With Cyberattack As Ransomware Group Threatens To Publish Stolen Data. 980 CFPL. Retrieved July 26, 2022, from https://globalnews.ca/news/9009347/st-marys-ont-cyberattack-dark-web-threat/