The Affiliate Ransomware Threat: LockBit

Ransomware is getting more dangerous – and it impacts Calgary and Alberta businesses multiple times a day.

Randsomware groups are now paying ‘finders fees’ for individuals to help them gain access and hold computer systems ransom.

If you don’t know what ransomware is: Malicious software is installed on your computer(s) or network which ‘locks’ you out of your data. If you want access to your data back: you have to pay the ransomer (anywhere from thousands to hundreds of thousands, or more – dependant on the value of your data).

How does affiliate-based ransomware work?

  • An individuals who have access to systems or networks can offer that access.
  • A hacking group or cybercriminal gang completes a successful ransomeware attack, locking those systems until the ransom is paid.
  • Once paid, the individual or group who supplied the access gets a bounty or comission for their efforts.
  • Very often the individual or group supplying the access is a contractor, employee, or associate (or sometimes an ex-associate) who still has some level of access.
  • This is why having a cybersecurity, backup, and modern IT infrastructure is critical to your business operations.

One of the main “organizations” offering a bounty for ransomware attacks is called LockBit.

What is LockBit?

LockBit is a cybercriminal gang that operates using a ransomware-as-a-service (RaaS) model.

  • LockBit offers its ransomware services to individuals or groups to use as an affiliate model.
  • Any ransom payments gained from a LockBit attack are divided between the customer directing the attack and the LockBit gang.
  • The individual or group is only paid a bounty/commission after a successful attack.

Why should I care?

Malicious ransomware hackers are not going away. Their targets have been from big companies to smaller organizations. If a hacker finds a weakness in a company’s defences they will try to exploit it.

Best practices suggest not to pay the hackers, but depending on the severity – sometimes this is not an option. Also: The majority of Ransomware victims that pay are hacked again at a later date.

What should you do?

Firstly, ensure that your IT department has a robust backup system in place for all computers, servers, and devices on your network.

Next, you need to ensure you have a ransomware response plan in place. Not only does it help you maintain control of a very stressful and challenging situation – but it will save you thousands (if not hundreds of thousands) of dollars.

Britec manages all such plans for it’s clients – so we recommend starting with your IT partner (or department). We talk more here about How to recover from a Ransomware attack.

Need help regarding Ransomware?

Contact Britec. We can help you with your Ransomware issues.