Security Researchers Uncover Cicada3301 Ransomware Operations and Affiliate Program
Published on October 19, 2024
At the same time that several big ransomware groups are throwing in the towel, others are getting arrested, and some are lying low, we see new groups of actors willing to fill the vacuum and old ones deciding to reboot their operations. The latest example of the latter comes from LockBit, who, according to KELA, have just announced the start of the LockBit 2.0 affiliate program. This is a call to all ransomware crooks out there to consider joining in and benefiting from a new toolset that is allegedly superior to anything else in circulation.
First of all, LockBit 2.0 promises to offer the fastest data exfiltration on the market through a new tool called ‘StealBit,’ which also supports real-time compression and drag-and-drop functionality and remains hidden from security tools. Based on LockBit’s promise, it can download 100 GB of data from compromised systems in just under 20 minutes.
This is very important for ransomware actors because the quicker they exfiltrate the data, the lower the chance of being discovered and stopped in the process. Stealing that data is the whole point of ransomware attacks today because this data is often the only reason victims pay the demanded ransom.
The same promise is made for the encryption itself, as LockBit claims to have the “fastest encryption software in the world,” so that part of the ransomware infection is also promoted as superior to anything else out there. The only thing that the actors have to do is establish access to the core server, and the software will undertake all the rest.
Partners of the LockBit 2.0 program will also enjoy the following advanced functions and features:
The last time we covered LockBit news, it concerned a very prestigious attack against the Swiss helicopter maker ‘Kopter,’ which suffered a breach through a vulnerable Pulse Secure VPN installation. Now, LockBit is launching a fresh RaaS program to lure in all those actors who have been using DarkSide, Clop, Avaddon, etc., hoping to gain some serious cash over the next couple of months.