The LockBit Ransomware Attack On The Chilean Judiciary [CASE STUDY]

HelpRansomware hasanalyzed the ransomware attack, of which the Chilean Judiciary was a victim.

The company, a leader in ransomware removal, cybersecurity, and decryption, has studied the events of late September and how they have affected the court system’s online reputation.

Statement of the Chilean Judiciary

On September 26, the Chilean Judiciary issued a statement announcing a virus attack on their corporate computers with Windows 7 operating system and McAfee antivirus.

The Information Technology Department of the Administrative Corporation of the Judiciary (CAPJ) established that only 1% of the computers were affected.

Of 14,990 computers, 3,500 were running Windows 7, and 150 were victims of the attack.

The deputy director of the CAPJ, Zvonimir Koporcic, starred in a video to analyze the previous data and explained the next step, which is decryption:

“Once we finish changing the antivirus, we will start recovering encrypted data from these 150 computers, though it will not be easy.”

Cyber security alert

The Computer Security Incident Response Team (CSIRT) issued a security alert related to this attack, confirming that it was LockBit Black.

The Chilean Judiciary has not revealed whether the hackers have requested a ransom.

This step is decisive in defeating ransomware and, in general, cybercrime.

Cybercriminals constantly extort their victims by demanding money in exchange for data recovery.

Ransomware targets should know that paying is never the solution for several reasons:

• In most cases, hackers don’t return the files;
• Paying demonstrates weakness; thus, cybercriminals take advantage and demand more money;
• The victims incentivize cybercrime and other practices such as money laundering.

HelpRansomware is a company specializing in ransomware removal and file decryption.

It can help you defeat ransomware legally and get your files back.

LockBit ransomware attacks

LockBit is a RaaS or ransomware as a service, specifically of the Cryptolocker family.

One of his most recent and popular attacks was against Accenture in 2021.

The study of Palo Alto Networks reveals that LocKbit 2.0 has the most significant number of known victims: 850.

In early 2022, the FBI issued an alert for LockBit 2.0 ransomware:

“Leverages bitwise operations to decode strings and load modules necessary to evade detection.”

How did LockBit Black attack the Chilean Judiciary?

In the security alert, CSIRT explained in detail how the LockBit Black infection occurred:

The bat file 123.cmd makes a call to the injector.exe file.

It contains two parameters: the -e parameter, which makes the call to a system file named rdpclip.exe; and the -d parameter, which calls a dynamic link library called lbb.dll.

The lbb.dll library calls others to make the loads within the system for encryption. The sample analysis found the ransomware inside the lbb.dll library and not in the injector.exe executable, which was only a launch vector for the library injection.

This ransomware uses the “rootDSE” object to establish a connection to the active directory.

It can link to the infected domain to replicate itself by obtaining the attribute.

Chilean Judiciary normal operations

Without knowing if they paid the ransom or not, the Minister and spokesperson for the Supreme Court, Ángela Vivanco, reported at a press conference on the normality of the Judicial Power operations:

“The computer equipment and the administrative corporation of the Judicial Power took all the appropriate measures. There was no difficulty, it was possible to get ahead with the hearings, and no room was suspended”.

Four days after the ransomware attack announcement, the Chilean Judiciary reported on Twitter that the courts operating systems were no longer working well.

The complaint of the Chilean Judiciary

Vivanco was in charge of broadcasting a video on the YouTube channel of the Chilean Judiciary to inform that:

“The Corporation has filed a criminal complaint before the 7th Guarantee Court of Santiago regarding those who are responsible because there is no information about the group.”

Likewise, she disclosed the amount accepted by the Treasury to update their computer system.

The Chilean Judiciary has joined the numerous ransomware victims in Latin America, such as the so-called Conti malware that hit the Government of Costa Rica.

What are the recommendations of the Chilean Judiciary?

The Chilean Judiciary recommends some guidelines to prevent ransomware attack.

These tips are very similar to what HelpRansomware always suggests to ransomware victims:

• Have a backup copy to avoid loss of data in case of an attack;
• Have an antivirus program and update it regularly;
• Keep computer software up to date;
• Deactivate the services that users do not use;
• Disable external access to reduce hackers’ options.

Among HelpRansomware services, ransomware prevention consulting is also available.

The professional team helps organizations through personalized service to enhance prevention and protection against ransomware attacks.

Chilean Judiciary: the analysis

HelpRansomware, a leading ransomware decryption company, analyzes how this criminal act has affected the online reputation of the Chilean Judiciary.

The study indicators are:

• Sentiment;
• Positive and negative results;
• Results;
• Emotions;
• Trends.

HelpRansomware has considered the analysis period from September 26 to 30.

The sentiment

It calculates the percentage of users’ positive or negative sentiments on social networks.

The positive sentiment is 0%, and the negative is 61.7%.

On the other hand, the performance of the results refers to the interactions (mentions, likes, comments, videos, etc.) collected in a limited time frame.

In this case, from September 26 to 30.

According to the infographic above, the corporation obtained 523% more results due to the ransomware attack.

It means that the online interest of users in the corporation is nil and grows only due to malware.

This analysis also includes the net sentiment toward the Chilean Judiciary.

It represents the net percentage measured on a scale of -100 to 100.

In the case of the Chilean Judiciary, a net sentiment of -100%.

In short, the feeling generated by the organism is very harmful.

Emotions

HelpRansomware has analyzed the emotions that the corporation produces.

ReputationUP’s proprietary software, the RepUP Monitoring Tool, breaks down the different sentiments as follows:

• Happiness;
• Sadness;
• Fear;
• Anger;
• Surprise.

Anger is the predominant emotion (90.9%), followed by fear (9.1%).

Trends

The software analyzes the trends associated with the Chilean Judiciary from September 26 to 30.

As shown in the image, some of the topics are related to this type of malware:

• Ransomware;
• LockBit;
• Windows;
• Cluster;
• Attack;
• Bailing out;
• Virus;
• Victims;
• Extort;
• Hacking.

All these keywords are in the negative-neutral range and show the speed and interest of Internet users in current affairs.

As seen in the following image, the hashtags associated with the Chilean Judiciary are also related to the attack: #ransomware, #cybersecurity, and #LockBit.

Although the corporation does not have much presence in the network, it has grown negatively with the ransomware attack.

Conclusions

HelpRansomware has analyzed the LockBit attack on the Chilean Judiciary and how the ransomware incident has affected the corporation’s online reputation.

You can draw the following conclusions:

• The ransomware attacked 150 computers with a Windows system and McAfee antivirus;
• It is unknown if the Chilean Judiciary has paid the ransom;
• The corporation communicated as usual but had an interruption of the system;
• The Judiciary issued a complaint, although the perpetrators of the attack are unknown;
• The negative sentiment generated by the corporation to Internet users is 61.7%;
• Anger is the predominant feeling, with 90.9%;
• Most of the keywords and hashtags are related to the ransomware attack.

The online presence of the Chilean Judiciary is deficient, with only 81 results during the attack.

But all of them are negative and related to ransomware.

Therefore, the ransomware attack has affected the digital reputation of the Chilean Judiciary.

The net sentiment over time is -100%.

This real case shows how ransomware takes advantage of the vulnerability of institutions and corporations.

If you are a victim of ransomware, contact HelpRansomware, a company specializing in malware removal, cybersecurity, and decryption.