The cybersecurity industry has learned that LockBit is using malicious code from ransomware groups such as BlackMatter and DarkSide. A strategy that increases attack vectors. Specifically, Kaspersky’s Threat Attribution Engine (KTAE) has detected that LockBit incorporated approximately 25% of the code from the now-defunct Conti ransomware gang, giving birth to a new variant called LockBit Green.LockBit became known for attacking and causing large losses to companies all over the planet. This new discovery underscores the intention to expand the reach and impact of their cyberattacks. “Companies need to strengthen their defenses, regularly update their security systems, educate employees, and establish incident response protocols to effectively mitigate effectively address the risks posed by both LockBit and other similar ransomware groups,” says Marc Rivero, Principal Analyst at Kaspersky’s Global Research and Analysis Team (GReAT).

LockBit expands to macOS devices

Kaspersky analysts discovered a ZIP file with LockBit samples specifically designed for multiple architectures, including Apple M1, ARM v6, ARM v7, FreeBSD, among others. With the help of KTAE, they confirmed that the samples originated from the previously seen version of LockBit Linux/ESXi. Some of those samples, such as the macOS variant, require additional configuration. LockBit is actively testing its ransomware on various platforms, which points to an imminent expansion and increase in attacks on businesses around the world. To protect businesses against ransomware attacks, Kaspersky recommends: Always keeping computers up-to-date to prevent attacks that exploit vulnerabilities to infiltrate the network. Focus the defensive strategy on detecting lateral movements and data breaches on the Internet. Pay special attention to outgoing traffic to detect cybercriminal connections to the network. Make backup copies offline and have quick access to them when necessary.

LockBit, one of the world’s most active ransomware groups, has enhanced its operations with new cross-platform functionality

Activate ransomware protection on the endpoint. There is a free tool from Kaspersky (Anti-Ransomware Tool for Business) that protects devices and servers against ransomware, other malware and exploits, and is compatible with other installed security solutions. Install EDR and Advanced Persistent Threat (APT) solutions for threat detection and early phase incident investigation and resolution. Provide the SOC team with the latest threat information and improve their capabilities with professional training and training, something offered by Kaspersky Expert Security Framework .Kaspersky Threat Intelligence makes available to companies threat intelligence information collected by Kaspersky in the last 20 years. Kaspersky offers free access to this information to help companies improve their defenses.