Ransomware Report

You can check the latest ransomware information.

title
Lockbit2.0 ransomware
Registration date
2024-08-19
views
1388

[Lockbit2.0 ransomware]

[Virus/malware activity reported: Lockbit2.0 ransomware]

As a security breach believed to be in the form of Lockbit2.0 ransomware has occurred,
we would like to confirm the situation and provide a warning as follows.

Lockbit2.0 ransomware

The ransomware is called Project and appears to be changing all files with file name, extension, and lockbit.

How it works

file version


[Figure 1 Ransomware executable file compiler information]


[Figure 2 File information in window properties]

Ransomware operation characteristics

  • It is a C++-based ransomware that mainly attacks through phishing emails. Lockbit2.0 uses the FNA hashing algorithm to obfuscate the library itself and dynamically uses the API, making it difficult to extract information statically. After encryption is complete, register the mshta.exe file in the startup program registry.


    [Figure 3 Checking shadow copies during dynamic operation]

Infection results

A guide file is created with the name <Restore-My-Files.txt> in each folder location, and each encrypted file is changed to <file name.extension.lockbit>.



[Figure 4 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.


[Figure 5 Block message]

Watch Lockbit2.0 blocking video

Previous post
Alice ransomware
next post
Project ransomware
Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|