The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
The malware uses the double extortion technique to compel victims into paying ransoms. Through this technique, attackers exfiltrate the victim’s data, after which they proceed to encrypt the data on the victim’s system. Data encryption is followed by the TAs demand ransom in exchange for a decryptor. If the victim refuses or cannot pay the ransom, the TA threatens to leak the data. This ransomware was previously known as ABCD ransomware as the file extension used for encrypting files was .abcd. Now the extension used by this ransomware is .lockbit.