LockBit Ransomware Recruiting Insiders to Breach Corporate Networks

In the latest development for the LockBit 2.0 ransomware (discussed by WaterISAC in last Thursday’s Security & Resilience Update), its operators are actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised a million-dollar payout. Many ransomware groups operate as a Ransomware-as-a-Service, which consists of a core group of developers who maintain the ransomware and payment sites and recruited affiliates who breach victims’ networks and encrypt devices. In many cases, the affiliates purchase access to networks from others rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middle-man and instead recruit insiders to provide them access to a corporate network. While this tactic may sound far-fetched, it’s not the first time threat actors attempted to recruit an employee to encrypt their company’s network. In August 2020, the FBI arrested a Russian national for attempting to recruit a Tesla employee to plant malware on the network. Read more at Bleeping Computer.