U.S. small and medium-sized businesses have been targeted by LockBit ransomware operators, according to an Interpol report citing the impact of the pandemic. COVID-19 in the field of cybercrime worldwide. The report was prepared by the Interpol Cybercrime Directorate and includes data from 48 Interpol member countries and from 4 private partners, as well as detailed information from This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. Cybercrime Threat Response (CTR) Interpol unit and the Cyber Fusion Center (CFC). Some of the information contained in the report came from private partners and Interpol regional cybercrime working groups.
In particular, Interpol reported that a ransomware campaign carried out mainly through LockBit malware, affects US small and medium enterprises. LockBit, a human-operated Ransomware-as-a-Service company, first appeared in September 2019, initially targeting large and small businesses, while later the Microsoft found that this campaign also targeted health as well as other critical ones services.
Operators of this ransomware strain use the commonly available penetration testing tool CrackMapExec to move sideways as soon as they are in a victim's net. Two months ago, LockBit partnered with Maze ransomware operators to create a blackmail cartel that allows them to share the same data leakage platform during their operation and exchange their tactics and information gathered from attacks their. Maze ransomware operators have said they may work with other ransomware gangs to collect huge ransoms from their victims.
Which ransomware strains have been most active during the pandemic?
Interpol carefully examined the data provided by its partners to determine which were the most aggressive ransomware gangs during the pandemic. Based on the research conducted, CERBER, NetWalker and Ryuk were the top ransomware families recently identified by Interpol partners, with their operators constantly evolving them, aiming to maximize the damage that an individual attack can cause, as well as reap huge financial gains.
In addition, Interpol noted that in the first two weeks of April 2020, there was a significant increase in ransomware attacks from many threats that have been relatively inactive in recent months. This means that there may still be infected organisms, but the ransomware has not yet been activated.
Interpol recently reported on Emotet botnet, noting that 13% of organizations worldwide are affected by this malware. Ransomware operators are also targeting European healthcare institutions and critical infrastructure involved in the fight against COVID-19, according to an Interpol report. Interpol also warned in April of a wave of ransomware attacks targeting hospitals and trying to "lock" them in critical systems.
What protection measures does Interpol propose to defend against ransomware attacks?
Interpol recommends that organizations exposed to ransomware attacks regularly update their software and their hardware, and it is very important that they back up their data using offline storage devices to prevent ransomware operators from accessing and encrypting it. In addition, it advises organizations to take the following safeguards to protect their systems:
- Open up e-mail and download software / applications only from reliable sources.
- Do not click on links or open attachments in emails that you did not expect to receive or from an unknown sender.
- Secure email systems to protect yourself from spam from which you could be "infected".
- Make regular backups of all important files and save them independently of your system (e.g. in cloud, on an external drive).
- Make sure you have the latest anti-virus software installed on all systems and mobile devices and that it runs consistently.
- Use strong, unique passwords for all systems and update them regularly.