"LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems"

The LockBit gang is developing ransomware for new architectures, potentially posing new problems for their victims. Researchers discovered a .ZIP file containing a trove of LockBit malware samples. The samples appear to have come from LockBit's previous variants of encryptors that targeted VMware ESXi hypervisors. The samples targeted FreeBSD and Linux, a growing trend among ransomware actors, as well as a variety of embedded technologies. These include Instruction Set Architecture (ISA) firmware for CPUs such as ARM, MIPS, ESA/390, and PowerPC. There were also samples targeting Apple M1, an ARM-based System-on-Chip (SoC) used in Mac and iPad devices. Researchers noted that the samples were a work in progress, as the macOS sample was unsigned and, therefore, could not be executed as-is. The string encryption method was also simple: one-byte XOR. Nonetheless, if these new ransomware variants make it into the wild, they could benefit LockBit as it strives to remain relevant. This article continues to discuss the LockBit gang developing ransomware for less obvious systems beyond Windows environments.

Dark Reading reports "LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems"