LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
released on 2022-04-29 @ 10:39:03 AM
LockBit is a Ransomware as a Service (RaaS) operation that has been active since 2019 (previously known as “ABCD”). It commonly leverages the double extortion technique, employing tools such as StealBit, WinSCP, and cloud-based backup solutions for data exfiltration prior to deploying the ransomware. Like most ransomware groups, LockBit’s post-exploitation tool of choice is Cobalt Strike.