Lockbit Ransomware Suspected Behind the Attacks on Envision Credit Union

 

Cyberattacks employing a type of ransomware that appeared nearly two years ago have increased in number lately. The ransomware known as LockBit Ransomware, continues to be effective for cyber thieves. 

Trend Micro's cybersecurity analysts recently documented an uptick in LockBit ransomware operations that have surged since the beginning of July. This ransomware-as-a-service first surfaced in September 2019 and has been quite successful, although activities have increased relatively during this summertime. 

Recently, Envision Credit Union has been the victim of a potential ransomware attack that seized its computer networks. There were clear indications of a suspected ransomware attack that surfaced last week, leading to speculation that the entity responsible for the attack was LockBit 2.0. 

LockBit works on the concept of Ransomware as a Service (RaaS), in which they lease out their network and software to legitimate hackers in exchange for a portion of the payment. It is a sort of double extortion in which the perpetrator threatens to expose the victim's personal information or data if the victim does not pay the money. 

Thus according to Datminr, a New York-based cybersecurity firm, the cybercriminals allegedly threatened to expose the stolen information on the 30th of August. 

The Tallahassee Democrat wrote Envision officials with various questions regarding the alleged cyber-attack. A representative only acknowledges the attack as "technical difficulties" and an "event," whilst presenting the Democrat with the following statement: 

“The credit union started experiencing technical difficulties on some of its systems, even though it has already implemented adequate security measures. We are taking all necessary steps to address the issue, which includes establishing an investigation and notifying law enforcement. We are aware of the situation and are working to ensure that the funds of our members were not put at risk.” 

The Kaspersky team has also published a report on the LockBit ransomware gang. According to them, LockBit is the newest in a succession of cybercriminals organizations promoting the ability to automate infiltration of local machines via a domain controller. 

“This ransomware is used for highly targeted attacks against enterprises and other organizations,” Kaspersky researchers said. “As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally.”

Ransomware operations are on the upswing both internationally and regionally. One such ransomware attack happened in May, where the ransomware gang Darkside targeted the Colonial Pipeline Company, a Houston-based utility corporation that operates the nation's largest refined oil pipeline. 

Researchers also note that sometimes the ransomware attacks are so professionally built that they easily pass the security measure.