The LockBit 3.0 ransomware has attacked the global G4S branch in Serbia. After upgrading its ransomware to version 3.0, LockBit has set off many campaigns in its pipeline and continuously evaluates new strategies and targets. In its latest campaign, the prolific ransomware gang has attacked G4S and uploaded the stolen data on the dark web, RedPacket Security reported.
LockBit operators are known for gaining access through compromised systems or RDP accounts — purchased via third-party vendors on the dark web or from their associates. In other cases, the threat group has also used standard attack methods, such as spam email or brute forcing vulnerable RDP or VPN credentials to exploit and hack into the victim’s devices and networks.
G4S is a global private security company based in London, England, and is required to offer employment and training services to fulfil the needs of businesses. It provides security and privacy expertise in private and public sectors and has been affiliated with many security organizations and government entities since 2004.
It is a part of Allied Universal, a global business that operates in over 85 countries and employs over 800,000 people. It also provides training and security solutions to companies and is known for leveraging the best international practices in communities.
According to the company’s website, G4S generates revenues of $18 billion and supports the new business by delivering security solutions.
Lockbit ransomware gang hacks G4S Global
LockBit 3.0 Ransomware Victim: g4s[.]com – https://t.co/5bl5uLyvEs#LockBit 3.0 #Ransomware #OSINT #ThreatIntel #darkweb #TOR
— RedPacket Security (@RedPacketSec) December 7, 2022
According to the report, the threat group uploaded the stolen data to the dark web on December 6, 2022, at 15:13 UTC. It threatened the security company to pay the ransom amount (still unknown) by December 19, 2022, 03:13:02 UTC.
The Lockbit ransomware gang has been detected on several occasions all over the globe. It attacked the US economy multiple times, from June 2021 to January 20, 2022, followed by other nations in Asia and America. According to TrendMicro, the threat actor avoids targeting Commonwealth of Independent States (CIS) countries.
With a particular focus on the healthcare sector, followed by the education sector, the ransomware gang is seen stepping up in its strategy and becoming more aggressive with the introduction of version 3.0.
Researcher at RedPacket Security claims that the dark web website currently holds Lockbit posts and uploads and has shared a warning, stating, “ALL AVAILABLE DATA WILL BE PUBLISHED!”
Moreover, the threat group has offered to extend the ransom deadline by 24 hours in exchange for $1000. In the same post, the threat actor also shared some more scheme, including deleting the data held by the group for $50000, and another $50000 to download and retrieve the stolen data.
What is Lockbit 3.0? How different is it from 2.0?
Lockbit 3.0 is the next generation of ransomware employed by the Lockbit ransomware gang and uses the prolific BlackMatter ransomware code as its USP. LockBit 3.0 or known by other aliases such as ‘LockBit Black,’ is capable of anti-debugging, removing the Volume Shadow Copy files, and even self-spreading using legitimate tools inside the victim’s systems.
In its initial phase, LockBit ransomware came into existence in mid-2019, followed by an upgraded version called version 2.0. In 2022, the ransomware news gang introduced the latest version, version 3.0, and the most recent builder version leaked in September 2022.
Notably, LockBit 3.0 appears to have several traits of the BlackMatter; a popular ransomware-as-a-service variant discovered just last year.
According to sources, the sheer number of samples collected by threat researchers indicates that LockBit 3.0 is based on BlackMatter or reuses its code to function.