
Lockbit 2.0: Sign of a dangerous ransomware threat landscape for cloud service providers

The ransomware crisis keeps getting worse, with most companies and organizations experiencing a ransomware attack in 2021.


Jeff Stout
December 8, 2021

The ransomware crisis keeps getting worse, with most companies and organizations experiencing a ransomware attack in 2021. The cybersecurity situation is even more dangerous for cloud service providers, because of the number of clients they serve. If a hacker gains access to a normal corporate network, they’ve compromised one company, but if they can infiltrate a cloud service provider, they can potentially access the networks of dozens or even hundreds of companies.

This trend has been further energized by a shift in the way ransomware gangs operate. In the past, the main focus of ransomware was to shut down businesses, putting financial pressure on victims to pay the ransom. More recently, however, there has been more emphasis on stealing sensitive data and threatening to release it to the public.

Cloud service providers are prime targets for such attacks because it’s possible to collect huge amounts of data at once. Instead of breaking into a corporate network and looking for sensitive data, hackers can look at a much wider data set, searching for anything that might be harmful to companies if released to the public.

Financial data, medical and legal records, usernames and passwords, and trade secrets are all prime targets. This highlights the fact that a great deal of the increased security burden that comes with a worsening ransomware threat landscape will fall on cloud service providers.

Lockbit 2.0 attempts to corner the ransomware market

Lockbit 2.0 is a prime example of the move towards so-called “double extortion” attacks that focus on stealing data.

The ransomware market functions much like any legitimate market, with different ransomware developers competing to market their software to hackers. Developers advertise ransomware on underground hacking forums, and hackers who use it then share a percentage of their earnings with the developers.

In attempting to corner the market, Lockbit 2.0 has aggressively positioned itself with a number of features that make it faster than other ransomware variants, and also make “double extortion” easier.

As the ransomware threat grows, so too does the cybersecurity response. This is putting pressure on ransomware designers to make their software faster and more efficient. Lockbit 2.0 incorporates an encryption method that only encrypts about 4 kb of data per file, just enough to render the file unusable. The Lockbit 2.0 team claims this makes it the fastest on the market.

It also includes special tools which automatically steal data as quickly as possible.
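A defender-side check for the partial encryption described above, as an added example that is not from the original article or from AWS: it compares the entropy of a file's first 4 KB with the next 4 KB, because a whole-file entropy threshold barely moves when only 4 KB is overwritten. The position of the encrypted region (start of the file), the thresholds and the sample data are assumptions made for this illustration.

```python
import hashlib
import math
import os
from collections import Counter

HEAD = 4096  # "about 4 kb" per the article; ASSUMED to be the start of the file

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_partially_encrypted(blob: bytes, hi: float = 7.5, gap: float = 1.5) -> bool:
    """True if the first 4 KB is near-random but the next 4 KB is not.
    Compressed or fully encrypted files are high in both windows: not flagged."""
    head, tail = blob[:HEAD], blob[HEAD:2 * HEAD]
    if len(head) < HEAD or len(tail) < 256:
        return False  # too small to compare the two windows
    h = entropy(head)
    return h >= hi and h - entropy(tail) >= gap

def scan(root: str) -> list:
    """Return sorted paths under root whose first 8 KB matches the pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if looks_partially_encrypted(fh.read(2 * HEAD)):
                        hits.append(path)
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
    return sorted(hits)

# Constructed sample data: a repetitive log file, and the same file with its
# first 4 KB replaced by pseudo-random bytes standing in for ciphertext.
CLEAN = b"2021-12-08 10:00:01 INFO backup job completed for tenant 42\n" * 1000
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
TAMPERED = NOISE + CLEAN[HEAD:]

if __name__ == "__main__":
    print(looks_partially_encrypted(CLEAN), looks_partially_encrypted(TAMPERED))
    print(round(entropy(TAMPERED), 2))  # whole-file entropy stays well below 7.5
```

The thresholds are starting points only; file types whose headers are legitimately high-entropy ahead of low-entropy data need an allow-list or a magic-byte check alongside this.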

Rising danger of insider threats

As companies have increased their anti-phishing measures and tightened up cybersecurity, hackers have also been looking for new ways to infiltrate networks. Lockbit 2.0 is one of the first gangs to pursue recruiting insiders as a way to break into networks.

Almost all ransomware variants replace the desktop wallpaper of affected systems with a ransom note containing the attacker’s contact information. Lockbit 2.0 has started to add an offer to company employees: help the hackers access corporate networks in exchange for a percentage of the profits.

The message promises the opportunity to earn millions and promises to protect the anonymity of the insider. This could be a tempting opportunity for a disgruntled employee to earn multiple years’ worth of salary quickly and easily. It’s also yet another attack vector for employers and cybersecurity professionals to worry about.

Adapting to the changing threat landscape

So what can cloud service providers do to adjust to the new reality? Business as usual, unfortunately, is not an option. It’s not really an option to just leave security to the cybersecurity guys; everyone in an organization needs to have a basic level of cybersecurity understanding.

AWS recently released ransomware mitigation guidelines for cloud service providers. The guidelines emphasize five main points:

  • Encryption. With the rising threat of data theft and extortion, it’s more important than ever to implement measures to safeguard client data and sound key management policies. Workflows should be segmented so that each process only has the minimum possible permissions required to do its job.
  • Make data recoverable. A secure backup policy is essential to ransomware mitigation. Being able to restore encrypted data makes it much more difficult for ransomware hackers to shut you down, which severely reduces their ability to demand a ransom.
  • Keep up to date with patches. Ransomware hackers are very quick to exploit any vulnerabilities that are leaked, so it’s important to have a regular update and patch schedule.
  • Follow a security standard. Security standards developed by industry leaders provide a convenient metric for checking if your cybersecurity is up to snuff.
  • Monitor and automate responses. The best way to stop a ransomware attack is to prevent the hacker from gaining access to your network. The next best thing is to detect if an intruder enters and stop them before they can do any damage. If unusual activity is detected, automating a shutdown of the network can limit the extent of the damage an attacker can do.

Technology has brought huge productivity gains to our lives, but it has also brought many challenges. Unfortunately, it seems that some of the gains digitization has brought us will have to be dedicated to maintaining a higher degree of vigilance in cyberspace.

Tags: BeforeCrypt, Ransomware
Jeff Stout is a cybersecurity consultant at BeforeCrypt, a firm specializing in ransomware protection.
