In late May 2024, Evolve Bank & Trust identified a significant cybersecurity breach that has had far-reaching implications. The breach, perpetrated by the notorious LockBit 3.0 ransomware group, resulted in the theft and subsequent exposure of critical personal data on the dark web. This article delves into the technical aspects of the breach, the methods employed by the attackers, and strategies to safeguard businesses against such threats. Additionally, we outline how Guilda can help fortify your defenses against a breach of this kind.
What Happened?
Evolve Bank & Trust experienced a ransomware attack initiated by the LockBit 3.0 group. The breach was identified when some of Evolve’s systems began malfunctioning, initially believed to be a hardware failure. Upon further investigation by cybersecurity specialists, it was determined that the system disruptions were due to unauthorized activity.
The timeline of the attack is as follows:
- June 14, 2024: Evolve received a cease-and-desist order to improve its risk management.
- June 26, 2024: The bank publicly confirmed the breach and began notifying affected individuals.
- June 27-28, 2024: Further details emerged, revealing the involvement of LockBit 3.0.
How Did the Hackers Bypass Security Mechanisms?
The LockBit 3.0 group gained unauthorized access through a phishing attack. An employee inadvertently clicked on a malicious link, allowing the attackers to infiltrate the network. Once inside, the attackers leveraged vulnerabilities in Evolve’s security setup to escalate their privileges and move laterally within the network. They employed the following techniques:
- Phishing: A targeted phishing email tricked an employee into clicking a malicious link, which downloaded malware onto the system.
- Privilege Escalation: Using the malware, attackers exploited vulnerabilities to gain administrative access.
- Lateral Movement: With elevated privileges, they navigated through the network to locate valuable data.
- Data Exfiltration: The attackers encrypted sensitive data and exfiltrated it to external servers.
- Ransomware Deployment: Finally, they deployed ransomware to encrypt data, demanding a ransom for decryption keys.
Who is LockBit 3.0?
LockBit 3.0 is a ransomware-as-a-service (RaaS) group that rents its tools to affiliates in exchange for a portion of the ransom proceeds. This Russian-linked cybercriminal organization is known for its sophisticated attacks on high-profile targets, demanding ransoms and threatening to leak stolen data if their demands are not met. LockBit 3.0 has a history of targeting financial institutions, healthcare providers, and other critical infrastructure sectors.
How Do They Operate?
LockBit 3.0 operates by:
- Recruiting Affiliates: They lease their ransomware tools to other cybercriminals.
- Exploiting Vulnerabilities: Affiliates use various methods like phishing, exploiting software vulnerabilities, and brute force attacks to gain initial access.
- Encrypting Data: Once inside, they encrypt the victim’s data, making it inaccessible without the decryption key.
- Demanding Ransom: They demand a ransom payment in exchange for the decryption key and threaten to release sensitive data if not paid.
- Leaking Data: If the ransom is not paid, they often leak the stolen data on dark web forums.
What to Do in Case of a Cybersecurity Breach?
If your business falls victim to a ransomware attack, here are the steps to take:
- Isolate Infected Systems: Disconnect affected systems from the network to prevent further spread.
- Notify Authorities: Report the incident to law enforcement and relevant regulatory bodies.
- Engage Incident Response Teams: Work with cybersecurity experts to contain and mitigate the attack.
- Restore from Backups: Use clean backups to restore affected systems, ensuring they are not connected to the compromised network during restoration.
- Communicate Transparently: Inform affected parties and stakeholders about the breach and the steps being taken to address it.
- Strengthen Security Posture: Review and enhance security measures to prevent future incidents.
How to Protect Your Business Against Ransomware Attacks?
- Employee Training: Regularly train employees on recognizing phishing attempts and cybersecurity best practices.
- Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to user accounts.
- Regular Updates and Patching: Keep all software and systems updated to protect against known vulnerabilities.
- Network Segmentation: Segment networks to limit lateral movement within the system.
- Advanced Security Solutions: Deploy endpoint detection and response (EDR), firewalls, and intrusion detection systems (IDS).
- Regular Backups: Maintain regular, secure backups of critical data and test restoration processes.
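The last item, testing restoration, is the one most often skipped. The following is an added example, not code from the original article or from Guilda, showing one way to make a restore test routine: it records a SHA-256 manifest of the source data at backup time, restores the backup into an isolated directory, and reports any file that is missing, modified, or unexpected. It assumes a simple directory-to-directory copy as the backup mechanism, and all sample files and paths are constructed in a temporary directory so it runs offline.

```python
"""Added example (not from the original article): verify that a backup can be
restored into an isolated location and that every restored file matches the
SHA-256 manifest taken at backup time. Assumes a plain directory copy as the
backup mechanism; the sample data below is constructed for the demo."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(source: Path, dest: Path) -> dict[str, str]:
    """Copy source into dest and return the manifest taken from the source.

    The manifest should be stored separately from the backup itself, so that
    a corrupted or encrypted backup copy cannot also rewrite its own manifest.
    """
    shutil.copytree(source, dest, dirs_exist_ok=True)
    return build_manifest(source)


def verify_restore(backup_dir: Path, restore_dir: Path,
                   manifest: dict[str, str]) -> dict:
    """Restore backup_dir into restore_dir (an isolated location, never the
    production tree) and compare the result against the manifest."""
    shutil.copytree(backup_dir, restore_dir, dirs_exist_ok=True)
    restored = build_manifest(restore_dir)
    missing = sorted(set(manifest) - set(restored))
    unexpected = sorted(set(restored) - set(manifest))
    modified = sorted(k for k in manifest
                      if k in restored and restored[k] != manifest[k])
    return {
        "missing": missing,
        "modified": modified,
        "unexpected": unexpected,
        "ok": not (missing or modified or unexpected),
    }


def demo(tamper: bool = False) -> dict:
    """End-to-end backup/restore check on constructed sample data.

    With tamper=True, one backed-up file is overwritten with garbage and
    another is deleted, simulating a backup copy that ransomware reached.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "accounts").mkdir(parents=True)
        (src / "accounts" / "ledger.csv").write_text("id,balance\n1,100\n")
        (src / "config.ini").write_text("[db]\nhost=localhost\n")
        bak = root / "backup"
        manifest = backup(src, bak)
        if tamper:
            (bak / "config.ini").write_bytes(b"\x00garbage")
            (bak / "accounts" / "ledger.csv").unlink()
        return verify_restore(bak, root / "restore", manifest)


if __name__ == "__main__":
    print(demo())             # clean backup: ok=True, no findings
    print(demo(tamper=True))  # damaged backup: ok=False, lists the damage
```

The check only has value if the manifest lives somewhere the backup job cannot overwrite and the restore target is isolated from the network that was compromised, as the incident response steps above require.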
For more comprehensive details on protection strategies, you can read my previous articles on these topics:
- Business Continuity Strategies and GCP Disaster Recovery
- Ransomware Protection in GCP: Effective Cloud Strategies
These articles provide in-depth insights into business continuity planning and specific ransomware protection measures within Google Cloud Platform (GCP).
How Guilda Can Help
Guilda offers a comprehensive suite of cybersecurity services designed to protect your business against ransomware and other sophisticated threats that lead to a cybersecurity breach. Our services include:
- Data, Application, and Cloud Security: Implementing robust security measures across all digital assets to prevent cybersecurity breaches.
- Incident Response: Rapid response teams to address and mitigate cyber incidents effectively.
- Security Training: Educating your workforce on best security practices and threat awareness.
- Risk Management: Proactive identification and management of potential risks to prevent breaches.
- Compliance and Certification: Ensuring your business meets industry standards and regulatory requirements.
- Advanced Security Tools: Deploying state-of-the-art security technologies to safeguard your environment against cybersecurity breaches.
By partnering with Guilda, your business will benefit from our expertise in adaptive and robust cybersecurity solutions, ensuring you are well-protected against current and future threats. Contact us today to fortify your defenses and secure your digital future.
For more information and to stay updated on the latest cybersecurity news, visit our website or contact our support team.