LockBit 2.0 ransomware is one of the most active families in the wild and claims to implement the fastest encryption algorithms, using multithreading with I/O completion ports. The malware doesn’t encrypt systems from CIS countries and can perform a UAC bypass on older Windows versions if it is running with insufficient privileges. It creates a hidden window that logs the different actions performed by LockBit, which can be activated using the Shift+F1 shortcut. The ransomware mounts all hidden volumes and stops a list of targeted processes and services. The malware generates a pair of ECC (Curve25519) session keys; the private key is encrypted using a hard-coded ECC public key and stored in the registry. The binary deletes all Volume Shadow Copies using vssadmin and clears the Windows Security, Application, and System logs. LockBit obtains a list of physical printers, which it uses to print multiple ransom notes. The encrypted files have the “.lockbit” extension, and only the first 4KB of each file is encrypted, using the AES algorithm. A unique AES key is generated for each file, encrypted using the session ECC public key, and stored in the encrypted file.
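Because only the first 4KB of each file is encrypted, incident responders can separate files showing that pattern from files that are high-entropy throughout (archives, media). The following triage sketch is an added example, not code from the analysis; the thresholds, the tail sampling window and the function names are assumptions, and the tail is sampled directly after the head because the summary does not say where the encrypted AES key is stored in the file.

```python
import hashlib
import math
import os
from collections import Counter

HEAD_LEN = 4096          # per the analysis: only the first 4KB is encrypted
TAIL_WINDOW = 64 * 1024  # assumption: sample the bytes right after the head
MIN_TAIL = 1024          # assumption: less tail data than this is inconclusive

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes, high: float = 7.5, low: float = 6.5) -> str:
    """Compare the entropy of the first 4KB with the bytes that follow it."""
    head, tail = data[:HEAD_LEN], data[HEAD_LEN:HEAD_LEN + TAIL_WINDOW]
    if len(head) < HEAD_LEN or len(tail) < MIN_TAIL:
        return "inconclusive"
    if entropy(head) < high:
        return "head-not-encrypted"
    return "partial-encryption" if entropy(tail) <= low else "high-entropy-throughout"

def triage(root: str, ext: str = ".lockbit"):
    """Yield (path, verdict) for every file under root with the given extension."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    yield path, classify(fh.read(HEAD_LEN + TAIL_WINDOW))

def constructed_samples() -> dict:
    """Constructed test data: SHA-256 output stands in for ciphertext."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(384))
    text = b"Invoice 2021-08: total due 1,250.00 EUR\r\n" * 400
    return {
        "partial": noise[:HEAD_LEN] + text,     # encrypted head, readable remainder
        "plain": text,                          # untouched document
        "archive-like": noise,                  # high entropy everywhere
        "tiny": noise[:HEAD_LEN] + text[:100],  # too little tail to judge
    }

if __name__ == "__main__":
    for label, blob in constructed_samples().items():
        print(f"{label:12} -> {classify(blob)}")
```

Files classified as `partial-encryption` still hold their original content past the first 4KB, which matters when scoping what data remains readable on disk.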