Brazil: CTIR warns on the advance of Lockbit ransomware
The Brazilian Centre for Prevention, Treatment, and Response to Government Cyber Incidents ('CTIR') launched, on 4 December 2021, Alert No. 07/2021 on the Lockbit ransomware. In particular, the CTIR informed that an increase in cases involving the Lockbit malware has been observed by the Brazilian Government. Furthermore, the CTIR explained that Lockbit is a ransomware-type malware that aims to encrypt victims' data in order to request a ransom and that it differs from other types of ransomware since it is able to perform, starting from an initial infection, various tactics and techniques to complete its objective.
Moreover, the CTIR informed that the initial ransomware attack of Lockbit takes place in several ways, including phishing, among other things. In this sense, the CTIR recommended an analysis of organisational networks in order to prepare for threats from ransomware attacks, by seeking to implement the following prevention measures:
- keeping operating systems up-to-date;
- always keeping an offline backup;
- regularly searching for vulnerabilities in the company network;
- applying the principle of least privilege;
- limiting the use of remote access services;
- using strong passwords; and
- implementing multi-factor authentication.
You can read the Alert, only available in Portuguese, here.