LockBit 2.0 ransomware counters Microsoft Defender and evolves the Windows domain encryption game

Ransomware continues to evolve.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

What you need to know

Cyberthreats such as ransomware grow more devilish by the day. Case in point: LockBit 2.0, a specific breed of ransomware-as-a-service that’s escalated the stakes associated with suffering a ransomware attack.

As reported byBleepingComputer, LockBit’s been around for a while. As far back as 2019, it was stirring up trouble, offering 70-80% revenue shares to affiliates who used the service-based ransomware while breaching networks and encrypting devices, with the actual developers reaping whatever remained from the software’s haul.

LockBit’s evolved since those days, keeping up with the latest tech and trends. Now, the world is faced with LockBit 2.0, which can not only encrypt networks via group policy updates but can hijack connected printers to print a non-stop stream of ransom notes (a ransomware feature seemingly designed to get victims' attention).

While the printer spam is self-explanatory, here’s a more detailed breakdown of that network encryption item. When bad guys take the reins of a domain controller, LockBit 2.0 then distributes itself to domains. It will create new group policies that cut off Microsoft Defender and its defense mechanisms and create policies that launch the ransomware.

“This is the first ransomware operation to automate this process, and it allows a threat actor to disable Microsoft Defender and execute the ransomware on the entire network with a single command,” ethical hacker Vitali Kremez told BleepingComputer.

In short: LockBit 2.0 is no joke, much like other recent security-related concerns to crop up in the Windows-verse, such as how researchers have exposed aTPM-related chink in the armorof corporate Windows laptops (which may or may not present issues forWindows 11).

Get the Windows Central Newsletter

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author ofCold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.