Millions of Messages Distribute LockBit Black Ransomware


Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware.

This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware (aka LockBit 3.0) being delivered via Phorpiex in such high volumes. The LockBit Black sample from this campaign was likely built from the LockBit builder that was leaked during the summer of 2023. Messages were from “Jenny Green” with the email address of Jenny @gsd[.]com. The emails contained an attached ZIP file with an executable (.exe). This executable was observed downloading the LockBit Black payload from Phorpiex botnet infrastructure.

Read more…
Source: Proofpoint


Sign up for our Newsletter


Related:

  • FIN10 Extorting Canadian Mining Companies, Casinos

    June 20, 2017

    Cybercriminals targeting casinos and mining firms in North America have extorted as much as $620,000 per theft during a four-year run in which they threaten victims with the destruction or public release of stolen data. Between 2013 and 2016, mostly Canadian firms were hit with nearly a dozen seemingly unrelated hacks, but after an analysis of the ...

  • FBI: Whaling now a US$ 5 billion business as execs targeted

    May 9, 2017

    The US Federal Bureau of Investigation (FBI) has reported the continuing explosion of Business Email Compromise (BEC) attacks as the practice becomes a US$ 5 billion (£3.86 billion) business. Between October 2013 and 2016 the total international reported loss from such scams is US$ 5,302,890,449 (£4,100 million), with US bodies taking up nearly US$ 1.6 billion ...

  • Don’t click that Google Docs link! Gmail hijack mail spreads like wildfire

    May 3, 2017

    If you get an email today sharing a Google Docs file with you, don’t click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to ...

  • Fake Delta Airline Receipts Spread Financial Malware

    April 24, 2017

    Spam emails posing as Delta Air payment confirmation emails are spreading financial and banking malware to computers. According to Heimdal Security firm, a new campaign trying to get access to your financial information was noticed in the wild. Users are receiving spam emails posing as payment confirmations from Delta Air. As the researchers point out, this is ...

  • This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera

    April 17, 2017

    A Chinese infosec researcher has discovered a new “almost impossible to detect” phishing attack that can be used to trick even the most careful users on the Internet. He warned, Hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, ...

  • Personalized spam campaign targets Germany

    March 20, 2017

    A spam campaign Symantec observed in January 2017 targeting people who live in Germany appears to be, once again, using detailed, real personal information to enhance the believability of the messages. Victims who open the message attachments are likely to have their Windows computers infected with malware that steals banking information. First seen in the UK Symantec ...