According to trends, the LockBit 2.0 ransomware gang may actively recruit corporate insiders to hack into networks. LockBit ransomware, a malicious program that blocks user access to computers in return for ransom payments, is known as LockBit ransomware. LockBit 2.0, a file-locking program that demands Bitcoins from its victims, is what it looks like. File locking is a method that blocks access to a computer file or a portion of it. It allows only one person or process to modify, delete, or change it.
These attacks are sophisticated. LockBit affiliates use the ‘double extortion’ technique. They upload stolen and sensitive victim information onto their dark web site LockBit 2.0 and threaten to sell and disclose this information if they aren’t satisfied with their ransom demands.
Avihai Ben Yosef, co-founder, and CTO at Cymulate is looking into the matter for Digital Journal.
Yossef says we should see the current situation in genuine danger: “Businesses of all sizes have had to deal with employees divulging company secrets and stealing revenue, as well as other acts that could harm the organization.”
Yossef tries to understand the reasons behind the activity. “In many cases, this was done at the request of an external concern promising employees some form of reward for making their efforts worthwhile. The news that a ransomware company offered information payment is shockingly visible. However, it is just one example of a situation that has been present since two companies first competed for the same market.
This is due to structural weaknesses in internal security systems. For example, Yossef says that many organizations lack proper authorization and permission management, leading to risk exposure that allows for the use of nefarious activities.
He warns that businesses must be cautious about what employees can do with digital assets. Limiting access to users should be done to reduce risks. This will ensure that if any user sells information, they determine what they can do with it.
As Yossef suggests in his last advice, this means that each person should have the correct permissions and access to what they need to perform their job.
