September 29, 2023

The LockBit ransomware gang continues to dominate headlines and cause concern among cybersecurity experts with a spate of attacks on important organizations, governments and companies.

On Wednesday, the gang took credit for an attack on the Commission des services electriques de Montréal (CSEM) — a 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal.

The organization confirmed the incident on Tuesday, writing in a statement that it was hit with ransomware on August 3 but refused to pay the ransom. It contacted national authorities and law enforcement in Quebec while making every effort to restore its systems. Its IT infrastructure has already been rebuilt, the company said.

“The criminal group at work in this case has made public today some of the stolen data. The CSEM denounces this illegal gesture, while specifying that the data disclosed represents a low risk for both the security of the public and for the operations carried out by the CSEM,” they said.

“It should be noted that all CSEM projects are the subject of public documents. Therefore, all these plans – engineering, construction and management – are already publicly accessible through the official process offices in Quebec.”

LockBit threatened to leak the data Wednesday, the same day it claimed the attack.

The incident caps a week of high-profile incidents and news surrounding the gang, which far outpaces all other ransomware groups in terms of the number of attacks launched.

Last Friday, the Spanish National Police warned that it was seeing a wave of highly sophisticated phishing emails sent by LockBit actors targeting architecture firms.

The emails purport to be from a photography company asking for a budget to take pictures of buildings. After exchanging emails, the fake company sends along a planning document for the photo session that encrypts victim devices when downloaded.

That campaign is part of a wide variety of LockBit attacks on European targets, including a French regional agency responsible for natural areas in Île-de-France and Capodimonte Museum in Italy.

Despite the gang’s torrid pace, cybersecurity experts are questioning the cybercrime group’s operational strength after the release of a bombshell report from Jon DiMaggio, chief security strategist at Analyst1.

In a follow-up to his earlier report on the gang, DiMaggio said LockBit’s leadership vanished and was unreachable over the first two weeks of August before resurfacing on August 13.

Due to issues with its backend infrastructure and available bandwidth, the group is struggling to publish the data it steals during attacks, DiMaggio said. LockBit is essentially pressuring victims to pay ransoms purely off of its reputation as the most prolific ransomware group currently operating, he said.

That report was followed by another this week from Kaspersky showing that the reported leak of the LockBit 3.0 ransomware builder has led to threat actors abusing the tool to spawn new variants. They found 396 different samples based on the LockBit code.

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.