No user too small to target: A look at the new LockBit ransomware 

Sponsored

It is no secret that ransomware attacks are on the rise, and attackers are finding new ways to access our systems. While malicious emails remain a constant, we are seeing an increase in compromises of trusted software. This increase is coming as extortion gangs become more organized and learn from each other. A great example of the evolution of malware is LockBit, which had already taken on some of the traits of Maze; LockBit 2.0 now also shows similarities to Ryuk and Egregor.

With the improvements in ransomware, and improved malicious access to our computers, what is the worst that can happen if an attack gets through? The problem is too many people ask this question as a way to justify inaction, rather than as a justification for implementing the cybersecurity measures that they should.  

There is an answer to the question, of course. The worst that could happen is being unprepared for an attack, allowing it to run rampant on your computers – stealing data, encrypting files, and enabling future attacks that take advantage of the information uncovered in the initial attack.  

With that in mind, let’s take a look at just how bad a broken security posture can be. 

It won’t happen to me 

The default security on my computer should be enough to keep me safe, right? After all, I’m just an individual, not a large multinational corporation – I’m too insignificant to be targeted. 

Thinking like that allows attackers into our computers. The fact is that extortion schemes are constantly changing, and the criminal use of automation means attackers can target individuals and small businesses as easily as they can a global corporation. As a result, we have seen ransomware hit large corporations, individuals, and everything in between. When these attacks happen, we could lose everything on any computer connected to our home networks.  

With LockBit now rising to the top of the heap as a leading extortion gang, their ransomware is a great example of what happens when you are inevitably attacked. Let’s assume that the attack begins with a vulnerability in a trusted piece of software: a browser, a game, or maybe even Windows. 

Oh, it’s happening 

LockBit 2.0 is a very efficient piece of ransomware, and you may not even notice it running on your computer. It follows what has become a typical practice of being selective in the files that are encrypted. This approach helps to ensure that the computer continues operating as expected, while all of your important documents, pictures, and other files you may not want to lose are being encrypted. 

As you can see in these screenshots, common documents and other select files have .lockbit added to the end of the file name, while applications and less common file types have been left untouched. This tactic buys time for the ransomware to complete its job while you are browsing the internet, watching movies, or whatever else you may use your computer for. Once you try to open a picture or document, you’ll find that it no longer opens.  

If you are like most people, you might not even see these file extension changes, since this requires a change from the default settings. What you will notice is that the icons change to the blank page icon. By now, it’s too late. You can try changing the file extension back to the default for the file, but the file has been encrypted, and can no longer be opened by the computer. 

Once the files have been encrypted, a ransom note is dropped in any directory with encrypted files. In the case of LockBit, this file is named Restore-My-Files.txt. Once all relevant files are done being encrypted, LockBit 2.0 changes your desktop background to alert you to read this file, then shuts itself down. 
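
As an added example (not from the original article or from Acronis): a read-only Python triage script that uses only the two indicators named above, the appended .lockbit extension and the Restore-My-Files.txt note, to list affected directories and the original file names to restore from backup. The function names and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".lockbit"         # suffix the article says is appended
RANSOM_NOTE = "restore-my-files.txt"  # note name from the article, lower-cased

def triage(root):
    """Map each affected directory to its encrypted files, note flag and intact count."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "note": False, "intact": 0}
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                entry["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX):
                # Keep the original name (suffix stripped) for the restore list.
                entry["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
            else:
                entry["intact"] += 1
        if entry["encrypted"] or entry["note"]:
            report[os.path.relpath(dirpath, root)] = entry
    return report

def summarize(report):
    """Totals for scoping a restore: counts, lost file types, odd directories."""
    originals = [n for e in report.values() for n in e["encrypted"]]
    types = Counter(os.path.splitext(n)[1].lower() or "(none)" for n in originals)
    return {
        "encrypted_total": len(originals),
        "by_type": dict(types),
        "dirs_with_note": sorted(d for d, e in report.items() if e["note"]),
        # Encrypted files but no note: does not match the described pattern, review by hand.
        "encrypted_without_note": sorted(
            d for d, e in report.items() if e["encrypted"] and not e["note"]),
    }

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["budget.xlsx.lockbit", "notes.docx.lockbit", "Restore-My-Files.txt"],
        "Pictures": ["holiday.jpg.lockbit"],
        "Apps": ["game.exe", "game.dll"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = triage(tmp)
        for directory, entry in sorted(rep.items()):
            print(directory, entry)
        print(summarize(rep))
```

The script only reads directory listings, so it can be run against a mounted copy of a disk or a backup share to scope what needs restoring.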

I can stop this! 

Maybe you happen to notice your files being encrypted early in the process. No problem, just restart the computer to stop the ransomware from running, right? It’s a nice thought, but by the point files are being encrypted, LockBit has already updated the settings to automatically start it when the computer restarts. The encryption process will begin immediately on startup, and will continue until everything relevant has been encrypted.  

This type of persistence is common in ransomware, because the attackers want to ensure that they steal and encrypt as much of your data as they can. 

What’s the point then? 

If ransomware is used on any target that the attackers can find, and it’s nearly impossible to stop once it’s found its way in, what is the point of worrying about it? The answer is simple: you can take steps to stop it before it starts.

Now is the time to look into options for securing your computers, rather than waiting until after all of your data is lost. Make sure that you have a multi-layered solution like Acronis that protects against ransomware, and other types of malware, and even provides a protected backup solution to be able to restore files if something does happen to get past the other measures you have in place.  

With attackers constantly looking for new ways to get in and infect your computer, it is more important than ever to plan for any potential attacks, and implement a solution that will minimize any damage or inconvenience this may cause. 

[In the next part of this three-part series, we’ll look at how to counter the LockBit infection.] 

Topher Tebow is a cybersecurity researcher, focusing on community collaboration and threat analysis. Topher has been working with malware and other cyberthreats for more than a decade, beginning with web-based malware before moving into endpoint protection. Topher has written technical content for several companies, covering topics from security trends and best practices, to the analysis of malware and vulnerabilities. In addition to being published in industry publications like Cyber Defense Magazine and Security Boulevard, Topher has contributed to articles by several leading publications, and spoken at international cybersecurity events.

How to Update Your iPhone or iPad without Wi-Fi (over Cellular)

A new exploit has been patched by Apple for iOS devices – the iOS 14.8 update fixes the vulnerability that the ‘Pegasus’ spyware uses.

Updating your iOS device is easy if you have Wi-Fi, but if you only have cellular, you’ll see a message saying ‘This update requires a Wi-Fi network connection to download’.

If you have access to another device, you can hotspot your iOS device to that and run the update. If you don’t, there’s another trick you can do to allow downloading the update over cellular:

How to update iOS over cellular

  1. Go to Settings
  2. Go to General
  3. Go to Software Update
  4. The screen should say you need to be connected to Wi-Fi and the ‘Download and Install’ option greyed out
  5. Go back to General
  6. Go to Date & Time
  7. Turn off Automatic Time
  8. Set Month three months ahead (right now that would be from October to December)
  9. Go back to General
  10. Go to Software Update
  11. Press ‘Download and Install’
  12. While that runs, Go to General
  13. Go to Date & Time
  14. Turn on Automatic Time

Applies To: iOS

It’s worth noting that I tested going a year ahead, and the update wouldn’t download, but 3 months ahead did work.

I believe this is by design from Apple to avoid people downloading large amounts of data over their mobile plan, but the updates get to an age where Apple deem them critical, and it’s then better to get the update over cellular than not at all.

I hope Apple address this properly and have a toggle on the screen to just choose to download the update over cellular, with a warning about high data usage (iOS 14.8 is almost 1GB).

EA Play Chat Support

Had to share this one. I had finished setting up my new gaming PC and wanted to try a game – so thought Battlefield V would do the trick, which is ‘free’ under my Xbox Game Pass Ultimate subscription, which gives access to EA Play. Except, it doesn’t work, and doesn’t say why:

Anyway, I decided to use EA’s online chat support. Unsurprisingly, it’s not a fun experience – because online chat support rarely is. I’d already spoken to them once where their suggestion was to uninstall and reinstall the EA Desktop app, and I was coming back the next day on the same case to tell them it hadn’t worked. Read on…

Mamta (9/9/2021, 8:58:55 PM): Thank you for contacting EA HELP, my name is Mamta, may I start with your first name please?
Adam (9/9/2021, 8:59:11 PM): Adam
Mamta (9/9/2021, 8:59:48 PM): Hello Adam, nice to meet you! Hope you’re doing fine.
Adam (9/9/2021, 9:00:10 PM): Thanks you too
Mamta (9/9/2021, 9:00:27 PM): So, how may I help you today Adam?
Adam (9/9/2021, 9:01:07 PM): Case #89886608
Adam (9/9/2021, 9:01:16 PM): returning back after doing what I was told, hasn’t changed anything
Adam (9/9/2021, 9:01:27 PM): There also seems to be other seeing the same issue as me https://answers.ea.com/t5/EA-General-Questions/not-currently-playable/m-p/10710162#M373028
Mamta (9/9/2021, 9:01:57 PM): Okay! Let me see the case first and I’ll try to help you in the best way possible.
Mamta (9/9/2021, 9:03:45 PM): So as per the details provided by you, you’re unable to launch any game using X box game pass.
Adam (9/9/2021, 9:04:35 PM): yes
Adam (9/9/2021, 9:04:44 PM): my ea play account shows ‘play’ next to my name
Adam (9/9/2021, 9:05:13 PM): and logging onto my ea account it says EA Play with Xbox Game Pass
Mamta (9/9/2021, 9:06:19 PM): I am sorry you have had to deal with this, Let me just go through the account first and pull out certain details.
Adam (9/9/2021, 9:07:51 PM): ok
Mamta (9/9/2021, 9:08:25 PM): So, before moving a head could you please help me with your resisted email account with EA?
Adam (9/9/2021, 9:09:19 PM): xyz@xyzc.com
Mamta (9/9/2021, 9:09:34 PM): Thank you! I am sending you a six-digit verification code to the email linked to your account so that I can verify your account from my end.
Adam (9/9/2021, 9:10:44 PM): 701367
Mamta (9/9/2021, 9:12:07 PM): Thank you for the verification Adam! Now could you please explain what type of error are you getting while starting the game.
Adam (9/9/2021, 9:13:10 PM): i cant start the game – the error is what I logged for this case “Not currently playable Unavailable This item can’t be purchased or played at this time”
Mamta (9/9/2021, 9:14:37 PM): I can see why you would be upset, Please allow some moments to work on your issue.
Adam (9/9/2021, 9:14:41 PM): all play games I havent played before seem to be like this
Mamta (9/9/2021, 9:15:30 PM): Okay! Let me see what I can do from my end.
Mamta (9/9/2021, 9:18:48 PM): So Adam what all troubleshooting steps you have attempted till now? This information would help us to not repeat any troubleshooting step.
Adam (9/9/2021, 9:19:07 PM): uninstalled and reinstalled the client
Mamta (9/9/2021, 9:22:08 PM): Okay, thanks for the information. Now we’ll move further. Allow me few moments.
Adam (9/9/2021, 9:23:07 PM): also tried on another computer and I see the same problem
Mamta (9/9/2021, 9:23:16 PM): Adam which Xbox are you using to play the game?
Adam (9/9/2021, 9:23:34 PM): its on PC not Xbox
Mamta (9/9/2021, 9:24:32 PM): I apologize for that, let me go through the details of your account.
Mamta (9/9/2021, 9:26:42 PM): Adam could you please confirm whether the network you’re using is a wired or wireless connection.
Adam (9/9/2021, 9:27:04 PM): wired
Mamta (9/9/2021, 9:27:55 PM): Thank you for confirming that! Going ahead with your issue, please stay connected.
Mamta (9/9/2021, 9:29:23 PM): Adam could you confirm the EA Desktop or Origin you’re using is up to date.
Adam (9/9/2021, 9:30:01 PM): yes it is
Mamta (9/9/2021, 9:30:24 PM): That’s great! Hold on a moment Adam.
Mamta (9/9/2021, 9:34:00 PM): Also Adam, I hope you’re running your game as an Administrator please confirm.
Adam (9/9/2021, 9:35:32 PM): yes i am
Mamta (9/9/2021, 9:36:31 PM): Great! Still working on the issue, stay connected!
Mamta (9/9/2021, 9:42:04 PM): Adam it’s taking a bit long than usual. Please stay connected.
Adam (9/9/2021, 9:46:02 PM): its been 45 minutes so far and we haven’t really done anything
Mamta (9/9/2021, 9:48:51 PM): Adam could you please help me with your Gamer Tag.
Adam (9/9/2021, 9:49:59 PM): gamertag
Mamta (9/9/2021, 9:50:49 PM): Thanks for the information, I’m checking the details. Please allow me few moments.
Mamta (9/9/2021, 9:55:20 PM): Thank you Adam for being connected, as I can see here you haven’t linked your game pass with your EA account I would request to please kindly contact for the same.
Adam (9/9/2021, 9:56:44 PM): how do I do that, my profile says I already have
Mamta (9/9/2021, 9:59:49 PM): Let me see, if I could help you in this.
Mamta (9/9/2021, 10:02:11 PM): I apologize there was some technical glitch, as I’m able to see your Game Pass now. However I wouldn’t be able to assist you in this matter and request you to contact Twitch for more information.
Adam (9/9/2021, 10:02:34 PM): What has Twitch got to do with this?
Mamta (9/9/2021, 10:04:09 PM): I’m sorry I mean to say “Microsoft”.
Adam (9/9/2021, 10:04:40 PM): I logged this with them first and they said it was an EA problem?
Mamta (9/9/2021, 10:09:41 PM): I really apologize for such a long wait Adam.
Mamta (9/9/2021, 10:11:45 PM): As I have double checked this is a known issue from our end, we have seen that more players are encountering the same issue our team is working to fix this.
Adam (9/9/2021, 10:12:44 PM): so if it’s a problem your end why did you tell me to talk to Microsoft?
Adam (9/9/2021, 10:14:14 PM): How will I find out when this is resolved?
Mamta (9/9/2021, 10:15:14 PM): I really apologize for the miss-information, however when I have checked your account and error provided by you I saw that this is a known issue and many players are facing the same.
Mamta (9/9/2021, 10:16:56 PM): Sadly. As of now we don’t have any update regarding this but we’re still working on this issue.
Adam (9/9/2021, 10:18:31 PM): So will I get contacted when it’s resolved?
Mamta (9/9/2021, 10:21:14 PM): Let me check it for you. Please allow me few moments.
Mamta (9/9/2021, 10:26:05 PM): Thanks for waiting patiently for this issue you can check our official forums whether this issue is resolved or not and yes you will connected when this issue gets resolved.

It was at that stage, almost 1 and a half hours into it, that I closed the browser.

Microsoft Viva replaced MyAnalytics emails

Today I noticed for the first time that the MyAnalytics emails that were coming through weekly (showing where your time was being spent, emails you may need to respond to, etc.) had been replaced by Microsoft Viva. There’s also a post in TechCommunity covering this in detail.

The previous MyAnalytics emails would come in weekly, and be broken up into different editions – Wellbeing, Focus, Collaboration or Network edition. This new monthly digest indicates Microsoft Viva is the way forward. Note that this still works the same way as MyAnalytics where the contents of the email are private to you, and do not come as a normal email that would be trackable (more details in my MyAnalytics article).

The new emails still (for now) link back to the https://myanalytics.microsoft.com/ domain which again for now, shows the message that it’s becoming Microsoft Viva:

That ‘Learn more’ link takes you here: https://www.microsoft.com/en-au/microsoft-viva/insights/?s=mya with some details around Microsoft Viva. One of the main links there takes you to Viva Insights on Teams, which is the Insights addin option that’ll show up on the left menu and take you to the Viva Insights Home page.

The Stay Connected tab is worth checking out, as it will highlight email conversations it thinks are things you need to do, or highlight people (team members for me) that you don’t have a 1 on 1 meeting scheduled with for the next two weeks.

Going back to the web page for Microsoft Viva, there’s a lot more content than when I looked when it first launched. One section I thought was notable was under Network, you can see your Top Collaborators and their read percent and response time of emails.

My point on all this, is that there’s a lot going on here. People may find it and have questions around it, especially when these emails are generated to all staff by default. Someone may have stumbled across the ‘Delay Delivery enabled’ option and turned it on, then forgotten about it later, complaining about emails being slow to get to customers or clients:

What we’re seeing above with Microsoft Viva and MyAnalytics (now Viva Insights) is only a part of the full Microsoft Viva solution too – there’s also Viva Connections, Viva Topics and Viva Learning:

Viva Connections and Viva Insights are generally covered under an existing license, but Viva Topics and Viva Learning are at an extra cost.

Lenovo ThinkPad X1 Yoga Gen 6

Lenovo’s X1 Yoga for 2021 is now out – the 6th generation in the line of X1 Yogas, bringing in several changes to the line. We’ve come a long way from the first release too, but in essence it’s still an all-rounder laptop that can be flipped and rotated in all different ways, with a stylus and touch screen to provide an adaptable piece of hardware.

Specs

Tech Specs

Processor: Up to 11th Generation Intel® Core™ i7-1185G7 Processor with vPro™ (3.00 GHz, up to 4.80 GHz with Turbo Boost, 4 Cores, 8 Threads, 12 MB Cache)

Operating System:
– Windows 10 Home
– Windows 10 Pro
– Linux Ubuntu

Display:
– 14″ UHD+ 4K (3840 x 2400) IPS, anti-reflection, anti-smudge, touchscreen with Dolby Vision™, HDR, 500 nits, 90% DCI P3 Color Gamut, TÜV Rheinland-certified for reduced blue light emissions
– 14″ FHD+ (1920 x 1200) IPS, anti-glare, touchscreen with Privacy Guard, 500 nits
– 14″ FHD+ (1920 x 1200) IPS, anti-glare, touchscreen, 400 nits, TÜV Rheinland-certified for reduced blue light emissions
– 14″ FHD+ (1920 x 1200) IPS, anti-reflective, anti-smudge, touchscreen, low power, 400 nits
– Screen to body ratio = 83%; aspect ratio = 16:10

Memory: Up to 32 GB LPDDR4x 4266MHz

Battery: Up to 16.1 hours 57Whr (MM18) Rapid Charge (requires 65W PSU or higher)

Storage: Up to 1TB PCIe SSD

Graphics: Integrated Intel® Iris® Xe Graphics

Security:
– Discrete Trusted Platform Module (dTPM) 2.0
– Optional: Human-presence detection sensor with IR camera
– Smart Power On fingerprint reader integrated with power button (match-on-chip)
– Webcam privacy shutter
– Kensington lock slot

Audio:
– Dolby Atmos® Speaker System
– 4 x 360-degree far-field mics
– Dolby Voice® professional conferencing solution

Camera:
– 720p HD with webcam privacy shutter
– Optional: Hybrid infrared (IR) / 720p HD with webcam privacy shutter

Dimensions (H x W x D): 14.9mm x 313mm x 223mm / 0.59″ x 12.32″ x 8.77″

Weight: Starting at 3 lbs (1.35 kg)

Color: Storm Gray

Certifications: Energy Star® 8.0, EPEAT® Gold

Connectivity:
– Optional: WWAN* Qualcomm Snapdragon X55 5G Modem-RF System
– Optional: WWAN* Quectel EM120R-GL 4G LTE CAT12
– WLAN: Up to Intel® AX201 WiFi 6 802.11AX (2 x 2) with vPro™
– Bluetooth® 5.1 *

Ports / Slots:
– 2 x USB 4 Type-C with Thunderbolt™ 4 (DisplayPort, Power Delivery and Data Transfer)
– 2 x USB-A 3.2 Gen 1 (One always on)
– Headphone / mic combo
– HDMI 2.0
– Optional: Nano SIM slot

Keyboard:
– Spill-resistant
– Color-matched keyboard with wider 110mm / 4.33″ TrackPad
– Backlit with white LED lighting
– Call-control keys (F9-F11)

Supported Docking: USB-C Dock ThinkPad Thunderbolt™ 4

What’s in the box:
– ThinkPad X1 Yoga Gen 6
– 65W AC Adapter (Supports Rapid Charge)
– 57Whr Internal Battery
– ThinkPad Pen Pro
– Quick Start Guide

I’ll cover the components I think are worth discussing:

Processor

Intel’s 11th Gen CPU is inside the Yoga X1 Gen 6. Tom’s Hardware do a good comparison of the differences and benchmark comparisons between 10th and 11th gen mobile Intel CPUs, with some rather large graphics and gaming improvements due to the Iris Xe Graphics’ capabilities. As expected, the CPU is a bit faster overall :)

Display

Some big changes here. The first obvious difference is the resolution – 1920 x 1200 instead of the usual 1920 x 1080. This is due to the screen ratio change, 16:10 instead of the 16:9 it used to be. The result is a little bit more space top to bottom, which is actually handy to have. If you have corporate backgrounds deploying out a 1920 x 1080 picture, you might need to adjust it to look good on this screen too.

Memory

The first X1 Yoga to have 32GB of RAM as an option! Nice if you’re planning on some grunt work, like running a few virtual machines.

Battery

The ~16 hours claimed battery life is quite high – so this should get you through a full working day without needing to plug in. Previous models were way over the 8 hour mark too, which to me would be the goal of battery life – last a working day so if you’re travelling, you’re not looking for a power point.

Graphics

Intel’s onboard graphics are still plenty good for general use, even light gaming. Note that Intel claim “Gamers can play fast and hard with new Intel® Iris® Xe graphics featuring up to 1080p 60FPS for more detailed, immersive gaming.”. I’m sure AAA gaming titles will need to be played on low/medium settings, but depending what you play and your expectations, this might be fine (low graphics quality games like Among Us are fine!).

Camera

We’re still at 720p for some reason – which is not isolated to Lenovo. I’m hoping next year we see 1080p as the standard resolution of inbuilt cameras, especially on premium laptops.


As usual, Lenovo progresses forward while keeping the fundamental reason Yogas exist – a flexible device that provides an all round experience. Going all the way back to the X1 Yoga Gen 1 I said the same thing. Now we have a few different laptop options in the ThinkPad series such as the X1 Nano and the X1 Fold (which I’d love to get my hands on), while the X1 Carbon is up to the 9th Generation – a very nice, thin laptop, but no touch screen.

Also worth noting is the touchpad is bigger on the X1 Yoga Gen 6, so this could be a deciding factor if comparing it to older models.

I’m sticking with the X1 Yoga still, but we’ll see what new devices Lenovo come out with, and if they’ll tempt me with something different and new!

For some more photos and a comparison to the Lenovo ThinkPad X1 Yoga Gen 5, check out my other post Fifth and Sixth Generations of the Lenovo ThinkPad X1 Yoga.

*Although I am in a program with Lenovo (called Lenovo Insiders), no direct arrangements were made regarding this review or providing of hardware.