LockBit attacks small organizations, using automated tools to find the juiciest targets

LockBit ransomware family first became active around a year ago, constantly improving and using new ways to bypass Windows User Account Control (UAC). LockBit evading methods consist of calling scripts from a remote Google document and abusing PowerShell by using its renamed copies. Those PowerShell scripts collect valuable information about targeted networks before unleashing the LockBit ransomware while scouting for the defense lines such as firewalls. The ransomware is deployed if the fingerprint of the target matches the chosen targets. Read more...