Dozens of companies in our country have fallen victim to the Russian hacker collective LockBit. The reason why this is not widely known is because duped companies quickly paid a ransom. That way, they tried to avoid the incident being discussed in the media.
LockBit is a hacker group that has been active since September 2019. According to the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. counterpart of the National Cyber Security Center (NCSC), LockBit is the most active ransomware group in the world. The hacker collective is said to have carried out more than 1,700 cyber attacks worldwide.
LockBit uses ransomware to extort businesses and organizations. Members of the group do not develop the hostage software themselves, but rent it from hackers who are technically savvy. In exchange, the developer gets a share of the proceeds. He is not directly involved in a cyber attack. This revenue model is also known as Ransomware-as-a-Service (RaaS).
Big advantage of this revenue model is that cybercriminals, also called affiliates, can get straight to work. They do not have to invest time to program this malware. All that actually needs to be done is to spread the ransomware. This is done in a variety of ways, such as through e-mail and spam messages, or using stolen login credentials.
Several Dutch companies have fallen victim to LockBit. Perhaps the best-known example is the Royal Dutch Football Association, the KNVB. Through a ransomware attack, the hacker group reportedly managed to capture 305 GB of confidential data. This included name and address details, contact information, bank account numbers, medical data, copies of passports and contracts, secretariat documents and confidential documents on disciplinary cases of players of the Dutch national team and other professional soccer players.
In September, the KNVB announced that it had paid a ransom to the hackers. The soccer association would not say what the amount was, but it was possible that it was around one million euros. Security experts felt that the KNVB had acted "ignorantly and slowly. Aleid Wolfsen, board chairman of the Autoriteit Persoonsgegevens, said the association was maintaining "a reprehensible revenue model. The soccer federation also received acclaim for openly admitting to having paid a ransom.
The Brabant healthcare facility Joris Zorg and wellness resort Thermae2000 were also victims of LockBit earlier this year.
According to cyber security specialist Willem Zeeman of Fox-IT, many companies and organizations in our country have been attacked by the Russian hacker collective. He says victims often pay quickly to avoid reputational damage. "Sometimes companies pay the same day to avoid negative publicity. Nobody finds out," Zeeman told BNR.
He said LockBit is causing victims worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) has calculated that more than 1,700 are affected in four years. Moreover, not just any hacker is allowed to use the hostage software. "You have to prove that you are good enough first, because they have a name to uphold," he said.
Experts say LockBit is currently the most active ransomware group in the world. The hacker group is associated with the data theft at Boeing. The group says all captured data has been put online. It says it involves more than 40 GB of confidential corporate information.
