The cyber group behind LockBit ransomware has launched an attack yet again, this time with a newer version of its software, LockBit 2.0. Swedish investment group Aktieinvest is the latest target, with the group behind the attack threatening to leak 62GB of data later this week.
The LockBit 2.0 ransomware attack is worrying for several reasons, given the advancements in the software and new methods employed by the cyber group. Here’s what we know so far about LockBit 2.0 and the Aktieinvest hack.
Would you like to investigate yourself? Read more on the LockBit 2.0 Onion page: lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion (Can only be accessed by Tor Browser or via DuckDuckGo)
What is LockBit 2.0?
LockBit 2.0 is highly sophisticated encryption software that is used in ransomware attacks on Windows machines. The software partially encrypts files, relying on various methods such as using batch files to cut off security processes.
LockBit also enables access to network domain controllers; this then allows LockBit 2.0 to quickly and easily deploy ransomware software across all Windows systems on one network. This makes LockBit 2.0 a very real threat to organizations worldwide as the software can effectively hold entire networks hostage until a ransom is paid.
One of the more worrying advancements with LockBit 2.0 is the recruitment of affiliates, aka personnel from inside companies. This recruitment program offers generous compensation to affiliates in a bid to reduce security blocks and make ransomware attacks easier to carry out.
What is Aktieinvest?
Aktieinvest is one of the largest online investment companies in Sweden. The trading platform enables Swedish clients to easily trade a range of equity shares and mutual funds. Aktieinvest also offers pension saving plans as well as saving schemes for minors.
The broker generates annual revenue of around $5 million, making it a desirable target for ransomware attacks.
The Aktieinvest attack – what happened?
The group behind LockBit 2.0 carried out a ransomware attack on aktieinvest.se, stealing 62GB of data and publishing news of the hack online. Aktieinvest has been given until 08:02:00 on October 10th, 2021 to pay up or face having the stolen data shared.
What kind of data could be leaked?
Since the majority of Swedes use BankID for proof of identity when signing financial documents or making payments online, it is unlikely that the 62GB of Aktieinvest data contains information such as passwords. However, that isn’t to say it doesn’t contain other valuable information. The stolen data could include:
- First and last names
- Physical addresses
- Email addresses
- Dates of birth
- Financial information such as holdings
Given that data is an increasingly hot commodity, the potential for the hacked data to contain any of the above is worrying for Aktieinvest and its clients.
What are the effects of this hack?
Given the large amount of financial data that Aktieinvest holds, this ransomware attack could affect many Swedish customers. While the exact information in the stolen data is unknown, we suspect it could put many people’s private credentials and investment data at risk.
Not only does the hack affect innocent clients, but it also tarnishes Aktieinvest’s reliable name within the financial sphere. The investment management firm has been around since 1965 and has a longstanding reputation. Should a large amount of sensitive data be leaked, it calls into question the company’s security standards and will affect customer trust.
Has LockBit 2.0 Affected Other Companies?
Aktieinvest is not the only company to have been on the receiving end of a LockBit ransomware attack. Accenture, an Irish multi-services company, was allegedly attacked by LockBit in August 2021. Indeed, LockBit 2.0 was making headlines during the summer due to its many attack attempts on companies worldwide.
What can organizations do to protect themselves from ransomware?
Organizations need to ramp up security measures in a bid to protect against ransomware attacks. Be it LockBit 2.0 or other cybercriminal groups like REvil, the software and methods used to carry out these attacks are only getting more advanced.
All companies need to ensure that security software runs on the latest version, regularly carrying out necessary updates. As well as this, companies need to keep an eye on any network behavior that is out of the norm as this can help detect and block hacking attempts.
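One way to watch for the behavior described earlier (batch files cutting off security processes, followed by rapid spread across one network) is to scan process-creation logs for it. The sketch below is an added example, not code from this article or from any vendor; the event tuples (modelled loosely on the CommandLine and ParentCommandLine fields of Sysmon process-creation events), host names, watchlist and thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

SCRIPT_PARENT = re.compile(r"\.(bat|cmd)\b", re.I)  # parent ran a batch script
STOP_VERB = re.compile(
    r"\b(taskkill|net1?\s+stop|sc\s+(stop|delete)|sc\s+config\b.*\bdisabled)\b", re.I)
# Assumed watchlist (Microsoft Defender names); extend with your own EDR and backup agents.
WATCHLIST = re.compile(r"\b(MsMpEng|WinDefend|wscsvc)\b", re.I)

# Constructed sample events: (time, host, parent command line, command line)
SAMPLE_EVENTS = [
    ("2024-01-15T02:14:03", "WS-014", r"cmd.exe /c C:\Temp\run.bat", "taskkill /F /IM MsMpEng.exe"),
    ("2024-01-15T02:14:40", "WS-022", r"cmd.exe /c C:\Temp\run.bat", "net stop WinDefend"),
    ("2024-01-15T02:16:11", "SRV-03", r"cmd.exe /c C:\Temp\run.bat", "sc config WinDefend start= disabled"),
    ("2024-01-15T02:17:00", "WS-014", "explorer.exe", "taskkill /F /IM notepad.exe"),
    ("2024-01-15T09:30:00", "WS-031", r"cmd.exe /c C:\IT\patch.bat", "net stop wuauserv"),
]

def is_tamper(parent_cmd, cmd):
    """True when a batch script launches a command that stops or disables a watched security process."""
    return bool(SCRIPT_PARENT.search(parent_cmd)
                and STOP_VERB.search(cmd)
                and WATCHLIST.search(cmd))

def find_bursts(events, window=timedelta(minutes=10), min_hosts=3):
    """Return (first_seen, hosts) for each window in which at least min_hosts distinct hosts show tampering."""
    hits = sorted((datetime.fromisoformat(t), h) for t, h, p, c in events if is_tamper(p, c))
    bursts, i = [], 0
    while i < len(hits):
        start, j, hosts = hits[i][0], i, set()
        while j < len(hits) and hits[j][0] - start <= window:
            hosts.add(hits[j][1])
            j += 1
        if len(hosts) >= min_hosts:
            bursts.append((start, sorted(hosts)))
            i = j          # skip past the events already reported
        else:
            i += 1         # slide the window start forward by one event
    return bursts

if __name__ == "__main__":
    for first_seen, hosts in find_bursts(SAMPLE_EVENTS):
        print(f"ALERT {first_seen.isoformat()}: security tooling stopped by batch script on {hosts}")
```

A single host stopping one service from a script is often routine administration; the signal here is the same tampering appearing on several hosts within minutes.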
Given that LockBit 2.0 is recruiting inside personnel from companies to help cut out go-betweens during attacks, it is also vital that companies only share administrative access to networks and systems with trusted people.