
LockBit Ransomware Targets Italian Revenue Agency

One of my favorite things to do in the morning is to Google “ransomware”. One of these days I’m going to record it, but today I’ll talk about one of my major observations – a major breach by LockBit ransomware.

What is LockBit Ransomware?

I covered LockBit back in February, since it grabbed my attention due to the FBI issuing a warning about it.

It has all of the characteristics of a particularly nasty ransomware strain. It is multiplatform ransomware targeting Windows, Linux, and ESXi as of the 2.0 release. It is also distributed as Ransomware as a Service (RaaS), making the barrier to entry into an environment pretty low.

What’s worse is they took things a step further, and introduced bug bounty programs! I’m telling you, these ransomware operations are more sophisticated than many startups out there.

It is this type of sophistication that makes it just so dangerous. These threat actors are dedicated to improving their software and operations with one goal in mind – to make you pay.

Do you think they are getting caught up in many of the issues organizations face? Think of the resistance you’ve met trying to make security-minded changes in your environment.

There’s none of that there.


LockBit in the News

The news was swept with reports today and yesterday that the Italian Revenue Agency was breached by LockBit. Officially, the Italian Revenue Agency released a statement to the effect that they were looking into it, but there is a bit of back and forth on the official side about whether or not this happened.

Except for the fact that LockBit flat out added them to their list of recent victims according to Security Affairs. Be sure to check out what they found on the dark web, but basically LockBit claims to have the data that they will release.

Personally, I sit here looking at these types of attacks and am like, wow, government? That takes a lot of nerve.

Of course, LockBit has been around for some time, and obviously haven’t had any problems doing business, so I suppose that’s just what they do at this point.

While the choice of a government agency seems just…wow to me, it also makes sense. I’m going to go with they got the good stuff when they hit the Italian Revenue Agency, and the impact of their data release will be huge for everyday people.

They weren’t going for the cat pictures or the mp3s, they were going for the stuff to make the Italian government pay.

Also recent in the news is an account about a small Canadian town that has been hit by LockBit. Also something that could impact everyday people.

Protecting Against LockBit Ransomware

When it comes to protecting yourself against the threat of LockBit ransomware, there really isn’t anything particularly special about what to do.

It all comes back to the same basics over and over again.

In February, the FBI released some guidance on protecting against LockBit, which you can find here.

Some of the key points are:

  • Require all accounts to have strong, unique passwords
  • Require multi-factor authentication
  • Keep all operating systems up to date

I’ll stop there, because those are three basic tips which can help protect against almost any ransomware threat.

The problem always is about implementation. Much of it ties back to simply how organizations work. It isn’t easy to make a change, such as requiring multi-factor authentication. Users hate change, but at the same time, users are usually how the ransomware gets in.

It is a balance between protecting as much as you can as quickly as you can, and building a solid security strategy to take you forward.

Don’t miss my top 10 ransomware defense tips to help you get started on this journey.