Published: August 15, 2021
A new version of the LockBit 2.0 ransomware has been identified that automates the encryption of a Windows domain using Active Directory group policies. LockBit threat actors are actively exploiting existing vulnerabilities in the Fortinet FortiOS and FortiProxy products, identified as CVE-2018-13379, in order to gain initial access to specific victim networks. If these components are in use, please review the mitigation guidance.
The LockBit variant exploits vulnerable Fortinet components to gain access. Once the threat actor gets into the network and gains control of the domain controller, they distribute the payload through group policies, disabling Microsoft Defender's real-time protection (source: "LockBit ransomware now encrypts Windows domains using group policies").
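A defender can audit the domain for group policies that turn Defender protections off. The PowerShell below is an added example, not part of the original advisory; the advisory does not name the settings involved, so the registry values checked are an assumption based on the documented Microsoft Defender policy values, and `Get-DefenderDisablingGpo` is a hypothetical helper name.

```powershell
# Added example (not from the advisory): list GPOs that switch off Microsoft Defender protections.
# Requires the GroupPolicy module (RSAT) and read access to the domain's GPOs.
Import-Module GroupPolicy

# Assumption: the advisory names no settings; these are the documented Defender policy values.
$base = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender'
$watched = @(
    @{ Key = $base;                        Name = 'DisableAntiSpyware' }
    @{ Key = "$base\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' }
    @{ Key = "$base\Real-Time Protection"; Name = 'DisableBehaviorMonitoring' }
    @{ Key = "$base\Real-Time Protection"; Name = 'DisableOnAccessProtection' }
    @{ Key = "$base\Real-Time Protection"; Name = 'DisableIOAVProtection' }
)

function Get-DefenderDisablingGpo {
    foreach ($gpo in Get-GPO -All) {
        foreach ($w in $watched) {
            try {
                $v = Get-GPRegistryValue -Guid $gpo.Id -Key $w.Key -ValueName $w.Name -ErrorAction Stop
            } catch {
                continue   # value is not configured in this GPO
            }
            if ($v.Value -ne 1) { continue }   # 1 means the protection is disabled

            # Resolve where the GPO is linked so the affected scope is visible.
            [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
            $links = @($report.GPO.LinksTo | ForEach-Object { $_.SOMPath }) -join '; '

            [pscustomobject]@{
                Gpo      = $gpo.DisplayName
                Setting  = $w.Name
                Modified = $gpo.ModificationTime
                LinkedTo = $links
            }
        }
    }
}

# Most recently modified GPOs first: an unexpected recent change deserves review.
Get-DefenderDisablingGpo | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Any GPO in the output that was not created by the administrators, or that was modified outside a change window and is linked at the domain root, warrants immediate investigation.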