LV ransomware claimed an attack in Jordan during its comeback

November 14, 2022

The REvil-based Ransomware-as-a-Service (RaaS) operation called LV ransomware has reemerged in the cybercriminal landscape. Experts claimed that a REvil member shared or sold their source code to the LV ransomware operators.

According to reports, LV ransomware now uses attack methods and capabilities that researchers did not see in its previous attacks. In one incident, the ransomware infected the corporate environment of organisations based in Jordan.

The ransomware operators exploited the Microsoft vulnerabilities known as ProxyLogon and ProxyShell. They then abused these vulnerabilities to drop a webshell in the public access folders.

A separate researcher said that the threat actors did not add new capabilities to their ransomware but instead expanded their affiliate programs. Moreover, the LV actors employed a double extortion tactic to blackmail victims and put more pressure on them to pay the demanded ransom.

The LV ransomware has picked up in the second quarter of this year.

LV ransomware breach incidents accelerated in the second quarter of 2022, coinciding with the group's affiliate expansion program. Recent data shows Europe has the highest infection rate this year, followed by North America and Asia.

However, most of the reported incidents caused by the ransomware payload are from Saudi Arabia and the United States. Furthermore, the manufacturing and technology sectors have been the most affected, although the group targets all types of industry.

In related news, researchers have also recorded a rise in DeadBolt ransomware attacks that coincides with the LV ransomware operations. The DeadBolt ransomware operators actively targeted QNAP NAS devices and extorted their victims between June and September.

LV ransomware’s strategy of widening its affiliate base has given the operators broader, more robust access across numerous sectors. This implies that ransomware propagation depends not only on capability enhancements but also on the expansion of interconnected networks.

Currently, experts suggest that those concerned apply the fixes for the ProxyShell and ProxyLogon vulnerabilities to lessen the infection rate of the LV ransomware. Users should also employ data protection and recovery solutions to counteract ransomware.
