Lockbit - Ransomware
The Ransomware-as-a-Service (RaaS) hit the threat landscape in September 2019 and was discovered to have breached a company and encrypt the entire network in a few hours. The attacker performed a brute force attack on a web server containing an outdated VPN service. The operation used SMB to perform network reconnaissance and then used the internal Microsoft Remote Access Server to gain access to remote systems. Lockbit attempts to stop multiple services including those belonging to anti-virus, databases, webservers, and other applications.