LockBit affiliate uses Amadey Bot malware to deploy ransomware


A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices.

According to a new AhnLab report, the threat actor targets companies using phishing emails with lures pretending to be job application offers or copyright infringement notices.

The LockBit 3.0 payload used in this attack is downloaded as an obfuscated PowerShell script or executable form, running on the host to encrypt files.

Read more…
Source: Bleeping Computer