Indigo Books & Music will not pay the LockBit ransomware gang for data stolen last month, according to a news report.
The Globe and Mail reports that, in an internal letter emailed to employees Wednesday night, Indigo company president Andrea Limbardi said the gang could make some or all of the stolen employee data available to other crooks as soon as today.
The company’s FAQ on the February 8 attack says that the LockBit strain of ransomware was the malware deployed. “While we do not know the identity of the perpetrators, some criminal groups using LockBit are located in or affiliated with Russian organized crime,” the website statement now says. “We continue to work closely with the Canadian Police Services and the FBI in the United States in their response to the attack.”
Indigo has not said how many employees have been affected. It says names, home addresses, dates of birth, social insurance numbers, bank account numbers and salary deposit information are now in the hands of attackers.
Two years of credit monitoring and identity theft protection services are being offered at no cost to employees.
The news service quoted Indigo spokeswoman Melissa Perry as saying that, because there is no assurance that any ransom payments “will not end up in the hands of terrorists or others on the sanctions list”, it will not give any money to the attackers.
LockBit operates as a ransomware-as-a-service operation, meaning that affiliates perform the victim research and initial compromise before the final payload is deployed. According to researchers at BlackBerry, it was involved in more cyber attacks in 2022 than any other ransomware.
BlackBerry said LockBit victims pay an average ransom of around US$85,000, suggesting small to medium-sized organizations are most likely to be targeted. However, many big organizations have also been hit by it, including Indigo, the California Department of Finance and international consulting firm Accenture. Hitting the Housing Authority of Los Angeles wasn’t even beneath the gang.
The latest version of the gang’s malware is LockBit 3.0, which some researchers have dubbed LockBit Black due to similarities in code with the BlackMatter ransomware strain. According to Trend Micro, these include API harvesting.
Trend Micro says that LockBit 3.0’s deletion of shadow copies has apparently been taken from BlackMatter’s code. This is done using Windows Management Instrumentation (WMI) through COM objects, as opposed to LockBit 2.0, which used vssadmin.exe.
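A detection sketch for the change described above, added here as an example and not taken from Trend Micro or the news report: rules keyed to the vssadmin.exe command line do not fire when shadow copies are deleted through WMI, so WMI operations on the Win32_ShadowCopy class need their own check. The event records and their field names are constructed, and assume telemetry that records WMI operations (for example, an EDR agent or WMI tracing).

```python
import re

# Constructed, normalized telemetry; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process_create",
     "cmdline": "vssadmin list shadows"},
    {"type": "wmi_operation",
     "operation": r"IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ShadowCopy"},
    {"type": "wmi_operation",
     "operation": r'IWbemServices::DeleteInstance - root\cimv2 : Win32_ShadowCopy.ID="{CONSTRUCTED-ID}"'},
    {"type": "wmi_operation",
     "operation": r"IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process"},
]

VSSADMIN_DELETE = re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)
WMI_SHADOW_CLASS = re.compile(r"\bWin32_ShadowCopy\b", re.I)
WMI_DELETE_CALL = re.compile(r"\bDeleteInstance\b", re.I)


def classify(event):
    """Return a finding label for one event, or None if it is unrelated."""
    if event["type"] == "process_create":
        if VSSADMIN_DELETE.search(event["cmdline"]):
            return "vssadmin-delete"
    elif event["type"] == "wmi_operation":
        op = event["operation"]
        if WMI_SHADOW_CLASS.search(op):
            # Deletion is high severity; enumeration is context that often precedes it.
            return "wmi-shadowcopy-delete" if WMI_DELETE_CALL.search(op) else "wmi-shadowcopy-enum"
    return None


def findings(events, cmdline_only=False):
    """List (index, label) pairs; cmdline_only models rules that see only process creation."""
    out = []
    for i, event in enumerate(events):
        if cmdline_only and event["type"] != "process_create":
            continue
        label = classify(event)
        if label:
            out.append((i, label))
    return out


if __name__ == "__main__":
    print("all telemetry:    ", findings(SAMPLE_EVENTS))
    print("command line only:", findings(SAMPLE_EVENTS, cmdline_only=True))
```

With `cmdline_only=True` the WMI deletion in the sample goes unreported, which is the coverage gap a move from vssadmin.exe to WMI creates for command-line-based rules.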
The defense against ransomware is the same as for any cyber attack:
- Follow the 3-2-1 rule for backup: Back up files in three copies in two different formats, with one copy stored off-site;
- Educate employees to watch for suspicious email, text and voice messages intended to trick them into clicking links that lead to the download of malware;
- Keep apps and programs up to date with the latest versions and security patches.