Source: Bloomberg
In January, it attacked Royal Mail, interrupting international mail deliveries. Less than a month later, it attacked a British fintech company, paralyzing global derivatives trading. Japan's largest shipping port and Boeing's parts and distribution business have also been among its victims.
It is one of the most aggressive ransomware gangs in history. Yet none of Lockbit's recent attacks has shocked the financial community as much as Thursday's attack on Industrial and Commercial Bank of China. ICBC, the world's largest bank by total assets, disclosed the attack on Thursday. It left some trades in the US bond market unable to clear, forcing brokers and traders to adjust their trading arrangements.
"It is really shocking," said Marcus Murray, the founder of Swedish cybersecurity company TrueSec. This large-scale and high-profile attack "will make large banks around the world compete to strengthen their defenses from today."
Lockbit's destructive power has been building for about four years. According to the U.S. Department of Justice, the gang has been active since at least early 2020. It has attacked up to 1,000 victims worldwide and extorted more than $100 million in ransom. Industry experts said that the members of the organization have ties to Russia and are active on Russian cybercrime forums.
The gang operates a so-called "ransomware-as-a-service" model. Its core hacker members develop the malware and other tools. Freelance cybercriminals then sign up with Lockbit to obtain its tools and infrastructure and carry out the attacks. Cybersecurity companies pointed out that if an attack succeeds, Lockbit takes a commission, usually about 20% of the ransom.
"They run it as a business, that is the most appropriate explanation," Analyst1 chief security strategist Jon DiMaggio said in an interview earlier this year. "The founder sees himself as Steve Jobs in running Lockbit, which has been successful for them, while others have suffered."
Lockbit hackers use so-called ransomware to infiltrate computer systems and hold them hostage. They demand payment to unlock the compromised computers, and often threaten to release stolen data to force the victim to pay.
Cybersa Casanky said that the gang's victims are spread across Europe and the United States, as well as China, India, Indonesia and Ukraine.
How many people are involved in the gang and where they are located is still unclear, but they stated on their website that they will not attack the Soviet countries because most of their developers and partners were born and grew up in these countries.
As of Friday morning, Lockbit's website had not listed ICBC as a victim. TrueSec's threat intelligence expert Mattias Wåhlén said that this is not uncommon. "Many initial ransom notes include such an offer: if the victim pays quickly, the ransomware organization will not announce the victim's name, to avoid public humiliation."
Eric Noonan, CEO of security services company CyberSheath, describes Lockbit as "the most global ransomware in 2022", saying that it is also "active" this year. However, Noonan said: "A Chinese-funded bank is really surprising."
Wåhlén said that because the Chinese government has banned cryptocurrency transactions, the preferred payment method of hackers, criminal gangs generally do not target China. He said that China is also considered a Russian ally, so attackers with ties to Russia tend not to target China.
"If this attack ultimately proves to be a mistake," Noonan said, "then Lockbit is likely to help with the repair and provide free decryption, just as they have done in the past after attacking the wrong target."
However, the Lockbit hackers have made it clear that they are equal-opportunity attackers. In a statement at the beginning of last year, they claimed that they were "not political."
"For us, it's just business," the gang said. "Our work is harmless and useful. We are only interested in money."