LockBit actively tests ransomware on various operating systems
The Kaspersky Lab team shared the news. One of the most active ransomware groups in the world, LockBit, has samples for various operating systems.
This discovery was made by the company’s experts, having found a ZIP file with LockBit modules for different platforms, including Apple M1, ARM v6, ARM v7 and FreeBSD. These variants were created based on an earlier version of the malware, LockBit Linux/ESXi. Some samples, such as for macOS, still need to be finalized, but LockBit is already actively testing its ransomware on various operating systems.
Apple computers in danger
In addition, LockBit has been using code from other, lesser-known bands, such as BlackMatter and DarkSide, for some time now. According to experts, this not only simplifies the activities of potential partners, but also expands the scope of possible attacks by the LockBit ransomware itself.
Recent data from Kaspersky Threat Attribution Engine (KTAE) showed that LockBit uses approximately 25% of the code written by the now defunct Conti ransomware group. As a result, a new version of the ransomware appeared – LockBit Green.
Dmitry Galov, head of the Russian research center GReAT, said:
LockBit is an infamous ransomware family known for devastating attacks on big businesses around the world. The group is actively improving the infrastructure and using the code of other similar malware, therefore it poses a serious threat to enterprises in various industries. To mitigate the risks associated with LockBit and other ransomware, corporations need to increase security, improve security, increase employee digital literacy, and create incident response protocols.