
LockBit Ransomware Takedown Strikes Deep Into the Brand's Viability


Despite the LockBit ransomware-as-a-service (RaaS) gang's claims that it is back after the high-profile takedown in mid-February, analysis reveals significant, ongoing disruption to the group's operations, along with knock-on effects across the cybercrime underground and implications for enterprise risk.

LockBit was responsible for 25% to 33% of all ransomware attacks in 2023, according to Trend Micro, making it easily the most financially motivated threat actor group of last year. Since emerging in 2020, it has claimed thousands of victims and millions in ransoms, including crippling attacks on hospitals during the pandemic.

The Operation Cronos effort, involving multiple law enforcement agencies worldwide, resulted in the takedown of LockBit-linked platforms, as well as the seizure of the leak site by the UK's National Crime Agency (NCA). Authorities then used the latter to carry out arrests, impose sanctions, seize cryptocurrency, and take other actions related to the group's inner workings. They also exposed the LockBit administration panel and revealed the names of affiliates working with the group.

Moreover, they noted that decryption keys would be made available, and revealed that LockBit, contrary to its promises to victims, had not deleted victim data after payment.

All in all, it was a sophisticated show of force and reach from the law enforcement community, one that disrupted others in the ecosystem in short order and gave pause to anyone considering working with any resurrected version of LockBit and its leader, who goes by the handle "LockBitSupp."

Researchers at Trend Micro noted that, two and a half months after Operation Cronos, there is little credible evidence that things are turning around for the group, despite LockBitSupp's claims that the gang is returning to normal operations.

A Different Kind of Cybercrime Takedown

Operation Cronos was initially met with skepticism by researchers, who pointed out that other recent high-profile takedowns of RaaS groups such as Black Basta, Conti, Hive, and Royal (not to mention of initial-access trojan infrastructure such as Emotet, Qakbot, and TrickBot) caused only a temporary setback for their operators.

However, the LockBit strike was different: the sheer amount of information that law enforcement was able to access and make public has permanently damaged the group's standing in Dark Web forums.

"While takedowns often focus on seizing command-and-control infrastructure, this effort went further," Trend Micro researchers explained in an analysis published today. "It saw law enforcement compromise the LockBit administrative panel, expose affiliates, and gain access to information and conversations between affiliates and victims. This collective effort helped tarnish LockBit's reputation among affiliates and the wider cybercrime community, which will make a comeback difficult."

Indeed, the cybercrime community's reaction was swift, Trend Micro noted. For one, LockBitSupp was banned from two popular underground forums, XSS and Exploit, hampering the administrator's ability to find support and rebuild.

Shortly thereafter, a user on X (formerly Twitter) called "Loxbit" said in a public post that they had been scammed by LockBitSupp, while another purported affiliate called "michon" opened an arbitration thread against LockBitSupp for nonpayment. One initial access broker (IAB) using the handle "dealfixer" advertised their wares but said specifically that they did not want to work with anyone from LockBit. And another IAB, "n30n," opened a claim on the ramp_v2 forum about losing a payment in connection with the disruption.

Perhaps worse, some forum analysts were deeply troubled by the amount of information law enforcement had been able to gather, and some speculated that LockBitSupp may have cooperated with law enforcement in the operation. LockBitSupp was quick to claim that a PHP vulnerability was to blame for law enforcement's ability to access the gang's details; Dark Web detractors simply pointed out that the flaw was months old and criticized LockBit's security practices and its lack of protection for affiliates.

"The cybercrime community's sentiment on the LockBit disruption ranged from satisfaction to speculation about the group's future, pointing to the incident's significant impact on the RaaS industry," according to the Trend Micro report, published today.

The Chilling Effect of the LockBit Disruption on the RaaS Industry

Indeed, the disruption prompted introspection among other active RaaS groups: the Snatch RaaS operator noted on its Telegram channel that they were all at risk.

"Disrupting and undermining the business model seems to have had a bigger impact than the technical takedown," according to Trend Micro. "Reputation and trust are key to attracting affiliates, and once these are lost, it is harder to get people to return. Operation Cronos succeeded in striking the one component of its business that mattered most: its brand."

Jon Clay, vice president of threat intelligence at Trend Micro, tells Dark Reading that LockBit's disgrace and the negative impact of the disruption on RaaS groups in general present an opportunity for enterprise risk management.

"This could be a time for businesses to reassess their defenses, as we could see a lull in attacks while these other groups assess their operational security," he notes. "This is also a time to review the enterprise incident response plan to ensure you have all aspects of a breach covered, including business continuity, cyber insurance, and the response: to pay or not to pay."

LockBit's Signs of Life Are Greatly Exaggerated

LockBitSupp is nonetheless trying to bounce back, Trend Micro found, though with few positive results.

New Tor leak sites were launched a week after the operation, and LockBitSupp said on the ramp_v2 forum that the gang was actively seeking IABs with access to .gov, .edu, and .org domains, indicating a thirst for revenge. It wasn't long before a slew of purported victims began appearing on the leak site, starting with the FBI.

However, when the ransom payment deadline arrived, instead of sensitive FBI data appearing on the site, LockBitSupp posted a lengthy statement saying it would continue to operate. Moreover, more than two-thirds of the listed victims were reposts of attacks that occurred before Operation Cronos. Of the rest, the victims belonged to other groups, such as ALPHV. All in all, Trend Micro's telemetry revealed only a single small genuine LockBit cluster after Cronos, originating from an organization in Southeast Asia that carried a low ransom demand of $2,800.

Perhaps most concerning, the group was also developing a new version of the ransomware: Lockbit-NG-Dev. Trend Micro found that it has a new .NET core, which allows it to be more platform-agnostic; it also drops the self-propagation capability and the ability to print ransom notes on the user's printers.

"The code base is completely new with regard to the move to this new language, which means new security patterns will be needed to detect it. It is still a functional and powerful piece of ransomware," the researchers warn.

Nonetheless, these are anemic signs of life at best for LockBit, and Clay notes that it is unclear where it or its affiliates will go from here. Overall, he warns, defenders will need to prepare for shifts in ransomware gang tactics going forward as participants in the ecosystem assess the state of play.

"RaaS groups will likely look at their own weaknesses that could be captured by law enforcement," he explains. "They may review which types of businesses/organizations they target so as not to draw as much attention to their attacks. Affiliates may look at how they can quickly shift from one group to another in the event their primary RaaS group is taken down."

He adds, "a shift toward data exfiltration versus ransomware deployment may grow, as this is less disruptive to the business but can still allow for profit. We may also see RaaS groups shift entirely to other types of attacks, such as business email compromise (BEC), which appear to be less disruptive but still bring in a lot of money for their core operations."
