Cyberthreats such as ransomware grow more devilish by the day. LockBit 2.0, a specific breed of ransomware-as-a-service that’s escalated the stakes associated with suffering a ransomware attack.
LockBit’s evolved since those days, keeping up with the latest tech and trends. Now, the world is faced with LockBit 2.0, which can not only encrypt networks via group policy updates but can hijack connected printers to print a non-stop stream of ransom notes (a ransomware feature seemingly designed to get victims’ attention).
While the printer spam is self-explanatory, here’s a more detailed breakdown of that network encryption item. When bad guys take the reins of a domain controller, LockBit 2.0 then distributes itself to domains. It will create new group policies that cut off Microsoft Defender and its defense mechanisms and create policies that launch the ransomware.
Today, the world is faced with LockBit 2.0, this ransomware has been around for a while, as far back as 2019. Recently evolved with technology and trends to produced what is capable of:
1. Cutting off Microsoft Defender and its defense mechanisms and create policies that launch the ransomware.
2. Hijacking connected printers to print a non-stop stream of ransom notes
3. Encrypting networks via group policy updates.
4. Automatically be distributed through a Windows domain, with no scripts required.
“This is the first ransomware operation to automate this process, and it allows a threat actor to disable Microsoft Defender and execute the ransomware on the entire network with a single command,” ethical hacker Vitali Kremez told Bleeping Computer.
