Poser Hackers Impersonate LockBit in SMB Cyberattacks

Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.

Dark Reading Staff, Dark Reading

January 31, 2023

1 Min Read
abstract image illustrating a ransomware attack
Source: Nico El Nino via Alamy

A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own.

According reports from Belgium's Computerland publication, the "wannabes," while not as sophisticated as the LockBit operators themselves, were able to encrypt the files of at least one organization. The LockBit impersonators were able to exploit an unpatched FortiGate firewall, researcher Pierluigi Paganini explained.

"Despite not being the true LockBit locker group, these micro-criminals were still able to cause significant damage by encrypting a large number of internal files," Paganini added. "However, the company was able to restore its network from backups and no client workstations were affected during the intrusions."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights