Trends suggest the LockBit 2.0 ransomware gang is actively recruiting corporate insiders to break into networks. LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. In practice, LockBit 2.0 is a file-locking code that demands Bitcoins from its victims. File locking is a mechanism that restricts access to a computer file, or to a region of a file, by allowing only one user or process to modify or delete it.
The attacks are sophisticated. LockBit affiliates implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.
Looking into the matter for Digital Journal is Avihai Ben Yossef, Co-Founder and CTO of Cymulate.
According to Yossef, we need to see the current situation as a very real threat: “Businesses of all sizes have long had to contend with internal employees divulging company secrets, stealing revenue, and performing other acts that harm the organization.”
Looking to the whys, Yossef finds: “In many cases, this activity was at the request of an external concern promising the employee some form of reward to make their actions feel worthwhile. This news of a ransomware group offering payment for information is shockingly public and visible, but is also just the latest form of a situation that has existed since the first time two companies competed for the same market.”
This situation comes about due to structural weaknesses in internal security systems. Yossef finds that: “Many organizations have gaps in permission management and authorization, that results in risk exposure such nefarious activities take advantage of.”
Consequently, he cautions: “Businesses must be wary about what their employees can and cannot do with digital assets. To mitigate risks, one should limit users to the least amount of privilege so that if one of them does sell information, there is a limit of what can be done with it.”
This means, as Yossef recommends with his final advice, making “sure each person has the specific permissions and access to exactly what he needs to do his or her job.”
