This ransomware spreads across hundreds of devices in no time at all

News
By published

LockBit ransomware can spread by itself to infect other computers on a corporate network

(Image credit: Future)

The LockBit ransomware contains a feature that allows attackers to encrypt hundreds of devices in just a few hours once they've breached a corporate network.

LockBit is a fairly new Ransomware-as-a-Service (RaaS) that was launched in September of last year. The developers of the ransomware are in charge of maintaining its payment site and updates while affiliates sign up to distribute the malware. LockBit's developers then earn around 25-40 percent of the ransom payments received while the affiliates earn a slightly larger share at 60-75 percent.

Researchers from McAfee Labs and the cybersecurity firm Northwave have published a joint report revealing how a LockBit ransomware affiliate hacked into a corporate network and encrypted 25 servers and 255 workstations in just three hours.

The hackers began their attack by brute-forcing an administrator account through an outdated VPN service. This gave them the administrative credentials they needed in order to deploy the LockBit ransomware on the network.

Self-spreading ransomware

According to analysis by McAfee, the LockBit ransomware includes a feature that allows it to spread to the rest of the computers on a network by itself.

In addition to encrypting a target device's files, LockBit also performs ARP requests to find other active hosts on a network and attempts to connect to them over Server Message Block (SMB) protocol. If the ransomware is successfully able to connect to a computer via SMB, it then issues a remote PowerShell command to download the ransomware and execute it.

As LockBit spreads to more computers on a network, these computers are then used to help speed up the deployment of the ransomware to the remaining devices on the network. This feature is what makes LockBit so dangerous because unlike other kinds of ransomware, it can spread by itself and at a much greater pace.

Since LockBit doesn't require a great deal of skill to deploy, expect this ransomware to continue to grow and expand as more cybercriminals become affiliates.

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
Latest in News
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Nvidia Isaac GROOT N1
“The age of generalist robotics is here" - Nvidia's latest GROOT AI model just took us another step closer to fully humanoid robots
Lego Pokemon
Pokemon and Lego announce the most electrifying collaboration of all time and I’m going to be first in line
Apple Watch app health
Apple Watch blood pressure monitoring tech revealed in patent
Using Zipped files and folders in Windows 11
Hidden clues suggest Microsoft is moving another part of Windows 11’s Control Panel to the Settings app – and this time it’s mouse options
More about security
Close up of a person touching an email icon.

Criminals are using CSS to get around filters and track email usage
Ransomware

Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Saw

Saw XI has reportedly been 'quietly canceled' and I'm not ready to call time on Jigsaw's twisted games
See more latest
Most Popular
Nvidia DGX Station
Nvidia’s DGX Station brings 800Gbps LAN, the most powerful chip ever launched in a desktop workstation PC
NVIDIA RTX PRO 6000 Blackwell Server Edition
Nvidia launches its fastest GPU ever: Nvidia RTX Pro 6000 Blackwell Workstation Edition is an enhanced version of the RTX 5090 with more of everything
A still from the movie She Will
Everything leaving Hulu in April 2025
Nvidia Blackwell Ultra
Nvidia GTC 2025: New Blackwell Ultra GPU series is the most powerful AI hardware yet
Nvidia Isaac GROOT N1
“The age of generalist robotics is here" - Nvidia's latest GROOT AI model just took us another step closer to fully humanoid robots
TeamGroup D500R ISD WORM SD card
This SD card is the spiritual child of the CD-ROM (and the DVD-ROM) as it can only be written on once
Steve Martin and John Mulaney during the “50th Monologue” sketch on February 16, 2025
Forget Netflix, I tuned into Peacock to watch the SNL 50 special and it went off without a hitch – here’s why it’s built for live-streaming
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
HP LaserJet 8501x
HP launches world's first printers that can resist quantum computer attacks