Millions of Messages Distribute LockBit Black Ransomware


Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware.

This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware (aka LockBit 3.0) being delivered via Phorpiex in such high volumes. The LockBit Black sample from this campaign was likely built from the LockBit builder that was leaked during the summer of 2023. Messages were from “Jenny Green” with the email address of Jenny @gsd[.]com. The emails contained an attached ZIP file with an executable (.exe). This executable was observed downloading the LockBit Black payload from Phorpiex botnet infrastructure.

Read more…
Source: Proofpoint


Sign up for our Newsletter


Related:

  • Payload Trends in Malicious OneNote Samples

    May 16, 2024

    In this post, Unt 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...

  • Millions of Messages Distribute LockBit Black Ransomware

    May 13, 2024

    Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware. This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware (aka LockBit 3.0) being delivered via Phorpiex in such high volumes. The LockBit ...

  • How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts

    May 13, 2024

    The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your ...

  • Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA

    May 9, 2024

    Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts. Read more… Source: Proofpoint Sign up ...

  • Financial cyberthreats in 2023

    May 6, 2024

    Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Amid the current threat ...

  • GenAI Is Powering the Latest Surge in Modern Email Threats

    May 6, 2024

    Generative artificial intelligence (GenAI) tools like ChatGPT have extensive business value. They can write content, clean up context, mimic writing styles and tone, and more. But what if bad actors abuse these capabilities to create highly convincing, targeted and automated phishing messages at scale? No need to wonder as it’s already happening. Not long after the ...