LockBit ransomware now encrypts Windows domains using group policies

From bleepingcomputer.com


A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

The LockBit ransomware operation launched in September 2019 as a ransomware-as-a-service, where threat actors are recruited to breach networks and encrypt devices.

In return, the recruited affiliates earn 70-80% of a ransom payment, and the LockBit developers keep the rest.

Over the years, the ransomware operation has been very active, with a representative of the gang promoting the activity and providing support on hacking forums.

Read more…