[Lockbit2.0 ransomware]

[Virus/malware activity reported: Lockbit2.0 ransomware]

As a security breach believed to be in the form of Lockbit2.0 ransomware has occurred,
we would like to confirm the situation and provide a warning as follows.

Lockbit2.0 ransomware

The ransomware is called Project and appears to be changing all files with file name, extension, and lockbit.

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• It is a C++-based ransomware that mainly attacks through phishing emails. Lockbit2.0 uses the FNA hashing algorithm to obfuscate the library itself and dynamically uses the API, making it difficult to extract information statically. After encryption is complete, register the mshta.exe file in the startup program registry.

  
  [Figure 3 Checking shadow copies during dynamic operation]

Infection results

A guide file is created with the name <Restore-My-Files.txt> in each folder location, and each encrypted file is changed to <file name.extension.lockbit>.

[Figure 4 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 5 Block message]

Watch Lockbit2.0 blocking video