LockBit: Ransomware Puts Servers in the Crosshairs

LockBit affiliates using servers to spread ransomware throughout networks.

Symantec, a division of Broadcom Software, has observed threat actors targeting server machines in order to spread the LockBit ransomware threat throughout compromised networks.

In one attack observed by Symantec, LockBit was seen identifying domain-related information, creating a Group Policy for lateral movement, and executing a “gpupdate /force” command on all systems within the same domain, which forcefully updates group policy.

Read more…
Source: Symantec