Lockbit 3.0 ransomware group claims to have hacked the Ministry of Commerce and Industry (MOCI) of Kuwait. The website of the Ministry of Commerce and Industry was fully accessible at the time of writing.
According to the post on the ransomware gang’s leak site, the deadline for ransom payment is March 16, 2023. It threatened to leak all the data exfiltrated from the ministry servers.
The ministry is yet to reply to the requests made by The Cyber Express to comment on the development.
Kuwait, Middle East and ransomware attacks
Organisations whose data came up on dedicated leak sites (DLS) between H2 2021 and H1 2022 went up 22% year-on-year to 2,886, according to a report by cybersecurity company Group-IB. This means that about eight companies face data leak online every single day.
According to the report. about 150 companies in the MEA region had their information leaked on DLS during the reporting period. In the GCC region in particular 42 companies had their data, files, or information published on DLS following ransomware attacks.
Firms in the UAE (33%) and Saudi Arabia (29%) topped the list, followed by Kuwait (21%), Qatar (10%), Oman (5%), and Bahrain (2%). In terms of industries, the energy, telecoms, IT and manufacturing sectors were frequently targeted.
Targeted ransomware attacks on manufacturing sector, coupled by geopolitical tensions, has put industries on the spotlight, according to the 2022 Dragos ICS/OT Cybersecurity Year in Review.
The year saw a breakthrough in the evolution of malware made to hit the industrial control systems (ICS), said the report.
“As in previous years, the ICS/OT community has managed a growing number of vulnerabilities, many without the right mitigations needed to reduce risk and maintain operations,” commented Omar Al Barghouthi, Regional Director, Middle East, at Dragos.
“Meanwhile electric grids, oil and gas pipelines, water systems, and manufacturing plants continued to struggle with more complex regulatory environments that demand marked progress in shoring up defences.”
Changing modus operandi of ransomware groups
LockBit relies on the ransomware-as-a-service (RaaS) model and uses a double extortion method to extort money while disrupting services. In single extortion techniques, threat actors encrypt the data, in double extortion, they exfiltrate the data. In triple extortion, they may launch a Distributed Denial of Service attack while in quadruple extortion, they contact the individuals impacted by the cyberattack by misusing the stolen user data from the target.
LockBit ransomware group has increasingly targeted government organizations with ransomware attacks adding not one but several targets to its leak site at once. When victims would end up paying a ransom after finding their data encrypted, that remained the main cyberattack.
LockBit launched its first ransomware bug bounty program called LockBit 3.0 in June 2022. In its effort to develop its technique, the ransomware group tested a beta for two months and then invited researchers to help cyber criminals to find any technical issues or vulnerabilities in its tools.
They also offered a reward from $1,000 to $1 million, saying “We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million,” on the LockBit 3.0 bug bounty page.
However, with organizations becoming more resilient to threats and cyberattacks by having backups of data to avoid delaying services, cybercriminals are trying to extort money with more threats added to their criminal activities.
Resilience seems to be the key as according to research, the number of ransomware attacks has been found to have dropped in number this January as compared to December, last year.