Skip to main content

This New Ransomware Can Infect A Network In Just Minutes

By November 3, 2020May 5th, 2022Cybersecurity

Not all ransomware strains are created equally. Some are designed as slow burns that will infect a target system, expanding its reach for days, or even weeks before striking and locking your business critical files. Others are designed to hit fast and hard.

Lockbit definitely falls into this latter category, based on a detailed analysis of the code conducted by researchers at Sophos.

Their conclusion is that from the time a target network is breached, Lockbit will start encrypting files in as little as five minutes, which is so fast that it doesn’t really give your IT staff an opportunity to respond to the attack. By the time they become aware of it and begin deploying resources to minimize the damage, it’s usually over.

The research team discovered that once Lockbit makes its way onto a target system, it will do a quick, keyword based scan of network drives to locate the information most valuable to the team that inserted it.

This particular malware strain is offered as “Ransomware as a Service” so the keywords Lockbit uses for this search will be different, depending on who paid for the service, who they’re attacking, and what they’re most interested in acquiring. This is because of course, the hackers will copy the information they want before they start encrypting files.

In any case, this process doesn’t take long, and once that’s done, the malware executes in memory via a Windows Management Instruction (WMI) command. The research team observed that in every case they studied, the attack began in earnest, with files being locked, within five minutes of issuing the WMI command. That’s as fast and brutal as it gets.

There’s still a lot the team doesn’t know about Lockbit, but they’re continuing to study both the code and the aftermath of the attacks made on corporate networks around the world. They will continue updating the rest of us with their findings. None of the news is good, but it’s always better to know than not.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.