From bleepingcomputer.com
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.
The LockBit ransomware operation launched in September 2019 as a ransomware-as-a-service, where threat actors are recruited to breach networks and encrypt devices.
In return, the recruited affiliates earn 70-80% of a ransom payment, and the LockBit developers keep the rest.
Over the years, the ransomware operation has been very active, with a representative of the gang promoting the activity and providing support on hacking forums.