The Menace of LockBit Ransomware: Kerala-Based Companies Among the Latest Victims

In a worrying development, the notorious Russian ransomware group, LockBit, has claimed responsibility for breaching the computer systems of two Kerala-based companies. This revelation came through LockBit's dark web portal, where they listed four Indian companies as their latest victims, including Thrissur-based food production giant Double Horse and garment manufacturer V-Star in Ernakulam.

LockBit's Targets: A Growing List of Indian Companies
LockBit's latest attack extends beyond Kerala, affecting Hyderabad-based pharmaceutical company Hetero and Vadodara's automobile parts manufacturer Vikrant Group. The ransomware group shares images of sensitive information, including bank account details, invoices, purchase orders, supply details, and even employee driving licenses. These pictures suggest that LockBit has compromised individual employee computers or laptops.

The Modus Operandi of LockBit
LockBit ransomware infiltrates computer systems, locking them and demanding a ransom. Failure to pay results in permanent locking of the system and dumping of the accessed data on the dark web. This form of cyber extortion is a growing threat, with LockBit responsible for about 20% of ransomware attacks last year, targeting high-profile entities such as Royal Mail, the UK's National Health Service, Boeing, and numerous international banks.

V-Star's IT officials have acknowledged a cyber attack on their attendance system but reassured that their cloud-based operations remain unaffected. Double Horse has yet to respond publicly to the incident. While the ransom amount remains undisclosed, LockBit has set a deadline of May 15 for payment.

Broader Implications and Response
Falconfeeds.io, a private cybersecurity firm, brought this data breach to light. Its CEO, Nandakishore Harikumar, emphasized the uncertainty surrounding the breach's full impact. He noted that many companies fail to report such incidents to authorities or the Indian Computer Emergency Response Team (CERT-IN), often due to unawareness or reluctance.

LockBit has shown resilience, continuing its operations despite a crackdown by the FBI and other international law enforcement agencies earlier this year. The group has since revived with a more aggressive 3.0 version, known as LockBit Black. Recently, the US government announced a $10 million bounty on Dimitry Yuryevich Khoroshev, identified as the mastermind behind LockBit.

The State of Cybersecurity in India
Reports indicate that 22 Indian companies were targeted by LockBit last year. The ransomware group operates like an organized crime syndicate, exploiting system vulnerabilities to hack into an average of 20 companies daily. They reportedly extorted $120 million in ransom last year, often facilitated through Bitcoin. Weak security protocols and outdated operating systems are major contributing factors to such breaches.

The increasing frequency and sophistication of ransomware attacks underscore the need for robust cybersecurity measures. Companies must prioritize updating their operating systems and implementing comprehensive security protocols to protect against such threats. Awareness and prompt reporting of breaches to relevant authorities can also mitigate the damage and enhance collective cybersecurity resilience.