What is LockBit ransomware and why is it targeting macOS?
- April 24, 2023
- Posted by: OptimizeIAS Team
- Category: DPN Topics
Subject: Science and technology
Section: Awareness in IT and computers
Context:
- Cybercriminals have developed new ransomware encryptors designed to target macOS devices, making this the first major ransomware operation to specifically target Apple computers.
Details:
- The new encryptors target both older Macs and newer ones running on Apple Silicon.
- Earlier in January, the LockBit gang was reportedly behind a cyber-attack on U.K. postal services.
About LockBit ransomware:
- First reported in September 2019, it is also known as the “abcd” virus because of the file extension used when encrypting the victim’s files.
- The virus is categorised as a “crypto virus” due to its requests for payment in cryptocurrency to decrypt the files on the victim’s device.
- The LockBit ransomware is designed to infiltrate victims’ systems and encrypt important files.
- It targets enterprises and organisations in the U.S., China, India, Ukraine, and Indonesia. Attacks have also been recorded throughout Europe, including in France, Germany, and the U.K.
How does it work?
- It works as a self-spreading malware, not requiring additional instructions once it has successfully infiltrated a single device with access to an organisational intranet.
- It is also known to hide executable encryption files by disguising them in the .PNG format, thereby avoiding detection by system defences.
- It disables security programs and places an encryption lock on all system files, which can only be unlocked via a custom key created by the LockBit gang.
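As a defensive illustration of the point above about executables disguised in the .PNG format, the following added example (not part of the original article) flags files whose .png extension does not match their leading bytes. The function names and the sample files are constructed for illustration only.

```python
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Well-known leading bytes of executable formats (0xCAFEBABE is also used by Java class files).
EXEC_MAGICS = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal",
}

def classify(header):
    """Name the format implied by a file's leading bytes."""
    if header.startswith(PNG_MAGIC):
        return "png"
    for magic, name in EXEC_MAGICS.items():
        if header.startswith(magic):
            return name
    return "unknown"

def find_disguised_pngs(root):
    """Return sorted (path, kind) for .png files whose content is not a PNG."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".png"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify(fh.read(8))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if kind != "png":
                findings.append((path, kind))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree; returns (filename, kind) pairs."""
    samples = {
        "logo.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR",   # genuine PNG header
        "update.png": b"MZ\x90\x00" + b"\x00" * 16,      # constructed PE stub
        "icon.PNG": b"\xcf\xfa\xed\xfe" + b"\x00" * 16,  # constructed Mach-O stub
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_disguised_pngs(root)]
```

A file reported as "unknown" is still worth a look, since it carries an image extension without the PNG signature.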
About LockBit ransomware gang:
- The group behind this is known as the LockBit gang.
- It is considered the most prolific ransomware group ever.
- It operates on the ransomware-as-a-service (RaaS) model and comes from a line of extortion cyberattacks.
How to protect systems against the LockBit ransomware?
- Strong passwords that are not easy to guess, with strong variations of special characters, should be implemented along with multi-factor authentication.
- This ensures that the use of brute force will not be enough to compromise systems.
- Organisations can also undertake training exercises to educate employees about phishing attacks and how to identify them.
- Old and unused user accounts should be deactivated and closed as they can become weak links in the security apparatus.