<— Back

Indian Power Sector targeted with latest LockBit 3.0 variant

The top ransomware groups shift their target industry regularly based on their financial motives and vulnerable sectors. After the infamous Conti ransomware group was disbanded, the LockBit group has claimed dominance over other groups this year by working with various Initial Access Brokers. Conti’s former members split up, joining already existing cybercrime groups and started to target energy and power sectors with a new unknown ransomware payload.

The intelligence derived by Quick Heal researchers had already identified the Energy and Power sector as a segment prone to cyberattacks and had increased the vigil on the same. This proactive monitoring proved fruitful soon after we identified one of the recent premium entities attacked in this segment. Our investigation and analysis determined that the new LockBit 3.0 ransomware variant caused the infection that exhibited huge anti-forensic activity with similarities from other variants.

As these ransomware groups increase and evolve with new techniques, an advance warning of these threats is needed to prevent the attacks more than ever. In this paper, we will cover the complete analysis and their attack chain leading to the ransomware payload and changes adopted to their extortion tactics.

Sathwik Ram Prakki

Sathwik Ram Prakki is working as a Security Researcher in Security Labs at Quick Heal. His focus areas are Threat Intelligence, Threat Hunting, and writing detections. He has a background in Offensive Security & Windows Internals and is keen on exploring new detection techniques through Reverse Engineering and Malware Research.

His previous experience at C-DAC under the Ministry of Electronics & IT gave a jumpstart in his cybersecurity career. He graduated from Osmania University in 2019 with a degree in Electronics & Communication and has also completed his Post Graduate Diploma in Embedded Systems & Design at C-DAC in 2020