Millions of Messages Distribute LockBit Black Ransomware


Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware.

This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware (aka LockBit 3.0) being delivered via Phorpiex in such high volumes. The LockBit Black sample from this campaign was likely built from the LockBit builder that was leaked during the summer of 2023. Messages were from “Jenny Green” with the email address of Jenny @gsd[.]com. The emails contained an attached ZIP file with an executable (.exe). This executable was observed downloading the LockBit Black payload from Phorpiex botnet infrastructure.

Read more…
Source: Proofpoint


Sign up for our Newsletter


Related:

  • Government Cybersecurity Contractor Hit in W-2 Phishing Scam

    March 17, 2017

    Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that ...

  • Social Media Phishing Rose 500% in 2016 Q4

    February 9, 2017

    Throughout 2016, social media phishing attacks have climbed 500%, a new Proofpoint research reveals. The data includes cases of angler phishing, where attackers intercept customer support channels on social media in their attempt to steal people’s credentials, which proved to be the most common among financial services, but also entertainment accounts. According to Proofpoint’s Quarterly Threat ...

  • Netflix Users Under Attack As Hackers Try to Steal Credit Card Info

    January 10, 2017

    Security company FireEye detected a new wave of attacks aimed at Netflix users, with cybercriminals now turning to phishing schemes in order to steal their personal information, including credit card data, social security numbers, and other details. Although it seems that the attacks have been suspended, Netflix users in the United States should always keep an ...