Two days after a team of international authorities wreaked havoc on LockBit, one of the most costly ransomware syndicates on the internet, researchers have detected a new attack that installs malware associated with the group. From the report: The attack, detected within the past 24 hours, exploits two critical vulnerabilities in ScreenConnect, a remote desktop application sold by ConnectWise. According to researchers at two security companies, Sophos X-Ops and Huntress, attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploitation malware. It was not immediately clear whether this ransomware was the official version of LockBit.
“While we are unable to release the customer's name at this time, we can confirm that the malware being deployed is associated with LockBit, which is particularly interesting in the context of the recent LockBit takedown,” John Hammond, principal security researcher at Huntress, said in an email. “While we cannot directly attribute this to the larger LockBit group, we believe that LockBit has a large
Hammond said the ransomware has been deployed to “veterinary hospitals, clinics, and local governments, including attacks on systems related to 911 systems.”
References: The United States will provide up to $15 million for information on LockBit leaders.