LockBit 2.0 ransomware counters Microsoft Defender and evolves the Windows domain encryption game

Surface Laptop 4 Amd 2021 Hero (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • LockBit 2.0 ransomware-as-a-service has upped its game.
  • It can now encrypt networks via group policy updates.
  • It can be automatically distributed through a Windows domain, with no scripts required.

Cyberthreats such as ransomware grow more devilish by the day. Case in point: LockBit 2.0, a specific breed of ransomware-as-a-service that's escalated the stakes associated with suffering a ransomware attack.

As reported by BleepingComputer, LockBit's been around for a while. As far back as 2019, it was stirring up trouble, offering 70-80% revenue shares to affiliates who used the service-based ransomware while breaching networks and encrypting devices, with the actual developers reaping whatever remained from the software's haul.

LockBit's evolved since those days, keeping up with the latest tech and trends. Now, the world is faced with LockBit 2.0, which can not only encrypt networks via group policy updates but can hijack connected printers to print a non-stop stream of ransom notes (a ransomware feature seemingly designed to get victims' attention).

While the printer spam is self-explanatory, here's a more detailed breakdown of that network encryption item. Once attackers take control of a domain controller, LockBit 2.0 distributes itself throughout the domain. It creates new group policies that disable Microsoft Defender and its defense mechanisms, along with policies that launch the ransomware.

"This is the first ransomware operation to automate this process, and it allows a threat actor to disable Microsoft Defender and execute the ransomware on the entire network with a single command," ethical hacker Vitali Kremez told BleepingComputer.
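A defender-side check for the group policy behaviour described above, as an added example that is not from the article or from BleepingComputer: it parses a GPO's Registry.pol file and reports Microsoft Defender policy values that are set to switch protection off. The value names checked and the sample bytes are assumptions, since the article does not say which settings LockBit 2.0 changes.

```python
import struct

# Assumption: the article does not name the settings involved; these are standard
# Defender policy values (REG_DWORD 1 = protection off), chosen for illustration.
WD = r"SOFTWARE\Policies\Microsoft\Windows Defender"
DISABLING = {"disableantispyware", "disablerealtimemonitoring", "disablebehaviormonitoring"}

def _wstr(buf, pos):  # NUL-terminated UTF-16LE string -> (text, next_pos)
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    if end + 2 > len(buf):
        raise ValueError("truncated string")
    return buf[pos:end].decode("utf-16-le"), end + 2

def _expect(buf, pos, ch):  # check a UTF-16LE delimiter -> offset after it
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_registry_pol(buf):
    """Yield (key, value_name, reg_type, data) for each [key;value;type;size;data]."""
    if buf[:8] != b"PReg" + struct.pack("<I", 1):
        raise ValueError("not a Registry.pol file")
    pos = 8
    while pos < len(buf):
        key, pos = _wstr(buf, _expect(buf, pos, "["))
        name, pos = _wstr(buf, _expect(buf, pos, ";"))
        s0, reg_type, s1, size, s2 = struct.unpack_from("<2sI2sI2s", buf, pos)
        if not s0 == s1 == s2 == b";\x00":
            raise ValueError("malformed entry")
        data = buf[pos + 14:pos + 14 + size]
        pos = _expect(buf, pos + 14 + size, "]")
        yield key, name, reg_type, data

def defender_disabling_settings(buf):
    """Return sorted registry paths of Defender policies that are set to 1 (off)."""
    return sorted(f"{k}\\{n}" for k, n, t, d in parse_registry_pol(buf)
                  if k.lower().startswith(WD.lower()) and n.lower() in DISABLING
                  and t == 4 and d == struct.pack("<I", 1))

def make_sample(entries):  # constructed Registry.pol bytes from (key, name, dword)
    w, d = (lambda s: s.encode("utf-16-le")), (lambda n: struct.pack("<I", n))
    return b"PReg" + d(1) + b"".join(w(f"[{k}\0;{n}\0;") + d(4) + w(";") + d(4)
                                     + w(";") + d(v) + w("]") for k, n, v in entries)

# Constructed sample: two Defender-disabling values and one unrelated policy.
SAMPLE = make_sample([(WD, "DisableAntiSpyware", 1),
                      (WD + r"\Real-Time Protection", "DisableRealtimeMonitoring", 1),
                      (r"SOFTWARE\Policies\Microsoft\Windows\System", "EnableSmartScreen", 1)])
```

In a real domain, the input would be the bytes of each GPO's `Machine\Registry.pol` under SYSVOL, and any hit on a policy nobody remembers creating is worth investigating.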

In short: LockBit 2.0 is no joke, much like other recent security-related concerns to crop up in the Windows-verse, such as how researchers have exposed a TPM-related chink in the armor of corporate Windows laptops (which may or may not present issues for Windows 11).

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central.