The LockBit Ransomware Gang's Attack on Academia21

The LockBit ransomware gang has attacked the Academia21. Academia21 is an Australian education provider headquartered in Melbourne. LockBit posted Academia21 to its data leak site on July 18th, threatening to publish all stolen data by July 24th if the organization refuses to comply. LockBit has been active since 2019 and is enabled with security tool evasion capabilities and an extremely fast encryption speed.

LockBit's Modus Operandi

LockBit is noted for using a triple extortion model where the victim may also be asked to purchase their sensitive information in addition to paying the ransom demand for decrypting systems. LockBit is considered to have been the most active attack group in 2022 as other high-profile groups became less active. The group continues to improve its attack platform and introduced LockBit in June of 2022, which bore some similarities to the BlackMatter ransomware. The latest version incorporates advanced anti-analysis features and is a threat to both Windows and Linux systems.

Technical Details of LockBit Ransomware

LockBit employs a Base64-encoded hash and an RSA public key in its configuration and hashes it with MD5. LockBit also created its own bug bounty program.

Target Preferences of LockBit

LockBit tends to target larger enterprises across any industry vertical with the ability to pay high ransom demands but also tends to favor Healthcare targets.