Almost Got Em!

When we talk about the possibility of a cybersecurity incident, do you ever wonder who are the criminal ransomware organizations responsible? We dug a bit deeper into one particular incident whom you may all be familiar with. The compromise within London Drugs.

On February 20, 2024, the UK’s National Crime Agency (NCA) announced that as part of an international effort it had infiltrated and compromised LockBit, one of the largest criminal ransomware organizations in the world. LockBit had become “fundamentally redundant.”, according to Graeme Biggar, the director of the NCA, boasting that “we have hacked the hackers.” Phew, right?

Despite all the rhetoric, on April 28, just over two months later, London Drugs, a major Western Canadian retailer with around 80 big box locations from BC to Manitoba, was forced to close for over a week due to an “operational issue” that was later revealed to be a ransomware attack carried out by none other than LockBit.

This begs the question, if LockBit was so thoroughly compromised, how could they pull off another major breach in such a short time, even while under such major scrutiny by the authorities – authorities who were even claiming to have recovered Personal Identifying Information during their own hack of LockBit’s environment?

LockBit first appeared in 2019, and was originally known by the name “.abcd” before changing to the current name soon after. In less than five years during which LockBit has been around it has racked up well over 3,000 publicly known victims, and it likely has many more we’ve never heard of.

Among its known victims stand major organizations like airplane manufacturer Boeing, the UK’s NHS and Royal Mail, and the Subway chain of fast food restaurants.

The secret to LockBit’s extraordinary reach is two fold. First, by all appearances it runs itself like any legitimate business, even running a bug bounty program for its software, and second, by adopting the as-a-Service model common in IT, and licensing the use of its ransomware to affiliates who then target their victims, rather than carrying out attacks on its own.

In exchange for using its ransomware, LockBit takes an estimated 20% of the ransom, leaving the affiliate who carried out the attack with the remaining 80%. (sweet deal if you can get it!)

The tradeoff for LockBit is that it does not have the same control over who is targeted by its ransomware that other criminal groups have, leading to a much larger variety in the number and types of targets that are chosen, and a higher chance that more sensitive or objectionable locations may fall victim.

In fact on December 31st, 2022, Lockbit issued an apology for the ransomware attack on Toronto’s Hospital for Sick Children, claiming an affiliate violated its rules.  This, however, hasn’t stopped LockBit or its affiliates from targeting other hospitals or health systems, and deaths have been attributed to ransomware attacks in the past. In spite of the unprecedented apology given by LockBit for the attack on a children’s hospital, it should be clear that no one is safe.

All of this leads to the simple question, if major fortune 500 companies are falling victim to these attacks, then what hope do small and medium sized businesses have of avoiding ransomware?  The answer to this question is surprisingly, quite a lot.

Very few successful attacks are carried out with complex hacks these days. Such techniques are time consuming, expensive, and they can be unreliable, as systems get patched and tricks that once worked no longer will.

A robust security infrastructure including Next-gen firewalls, SIEM, MFA, and EDR – among other elements, can help make an operating environment unattractive to threat actors.

However, even with this infrastructure in place, the weakest point for every organization remains the same – its users.  Most attacks come through vectors created directly by users. Whether it be weak passwords, reused passwords, users not locking their devices, allowing strangers access to sensitive areas, or clicking on strange links in emails.

The best way to combat these weaknesses is through Security Awareness Training. This training helps users to understand how they can be manipulated by bad actors, and how they can provide better security themselves.

Only a few months on, it already seems the NCA’s announcement of having taken down LockBit was premature.

At least one major attack has been attributed to it, and although on May 7, 2024 the US Department of Defense announced charges against Dmitry Khoroshev, the alleged leader of the group, he continues to live with impunity in Russia.

Criminal ransomware groups have proven extremely difficult to take down, and even if they can be stopped another one will be there to take over as soon as they are gone.

Ransomware is not going away any time soon, and only looks to get more sophisticated. This is why it is more important than ever that everyone make sure their environment is well defended from serious threat actors.

 

Picture of Author: Adam Macpherson

Author: Adam Macpherson

CS Controls Analyst

Fun Facts

with

Shing

A large part of northern Canada has lower gravity than the rest of the planet.

Fun Facts

with

Shing

There’s one bear for every two people in the Yukon.

Fun Facts

with

Shing

The first thanksgiving was celebrated in Newfoundland on May 27, 1578. The meal consisted of salted beef, biscuits, and peas.

Fun Facts

with

Shing

The coldest temperature ever recorded in North America was -63c in Snag, a small village in the Yukon.

Fun Facts

with

Shing

A Canadian robot named Dextre does repairs to the international space station.

Fun Facts

with

Shing

It’s legal to have a kangaroo as a pet in Alberta.

Fun Facts

with

Shing

Saskatchewan is the world’s largest exporter of mustard. The US eats most of it.

Fun Facts

with

Shing

At the end of WW2 Canada had the third largest navy in the world and 4th largest air force.

Fun Facts

with

Shing

Yonge Street is the longest street in the world and touches the Great Lakes and Cooks Bay.

Fun Facts

with

Shing

Mount Logan is the highest mountain in Canada.

Fun Facts

with

Shing

Sweden has the most islands in the world – over 220,000!

Fun Facts

with

Shing

The whopee cushion was invented in Canada.

Fun Facts

with

Shing

Little Lake Manitou, Saskatchewan is 5 times saltier than the ocean.

Fun Facts

with

Shing

The oldest known rock, discovered in Hudson Bay, is 4 billion years old.

Fun Facts

with

Shing

Canada has more doughnut shops per person than any other country.

Fun Facts

with

Shing

Alberta is the hail capital of the world.

Fun Facts

with

Shing

It would take 33 years to walk the coastline.

Fun Facts

with

Shing

Until 1995, it was illegal for margarine to be yellow.

Fun Facts

with

Shing

Quebec produces more than 70% of the world’s supply of maple syrup.

Fun Facts

with

Shing

Winnipeg consumes the most slurpees in the world.

under maintenance

The CLIENT PORTAL is currently undergoing maintenance.

For service, please email service@shingdigital.com or call 1-866-238-4941.