Poser Hackers Impersonate LockBit in SMB Cyberattacks
Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.
![abstract image illustrating a ransomware attack abstract image illustrating a ransomware attack](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt579c4b4e4dfa2b79/64f16e1d23c2390f9122b56a/Ransomware_NicoElNino_Alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own.
According reports from Belgium's Computerland publication, the "wannabes," while not as sophisticated as the LockBit operators themselves, were able to encrypt the files of at least one organization. The LockBit impersonators were able to exploit an unpatched FortiGate firewall, researcher Pierluigi Paganini explained.
"Despite not being the true LockBit locker group, these micro-criminals were still able to cause significant damage by encrypting a large number of internal files," Paganini added. "However, the company was able to restore its network from backups and no client workstations were affected during the intrusions."
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024