Friday, November 15, 2024
HomeBotnetNew Botnet Sending Millions of Weaponized Emails with LockBit Black Ransomware

New Botnet Sending Millions of Weaponized Emails with LockBit Black Ransomware

Published on

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has detected a formidable new cyber threat.

Dubbed LockBit Black, this ransomware campaign is leveraging a botnet to distribute millions of weaponized emails, posing a significant risk to individuals and organizations.

The Mechanics of the Attack

The LockBit Black campaign, identified through the NJCCIC’s sophisticated email security solutions, has also been spotlighted through incident reports and observations from various information-sharing and analysis centers.

- Advertisement - SIEM as a Service

The hallmark of this campaign is its use of emails containing malicious ZIP attachments, all seemingly sent from the same email addresses: “JennyBrown3422[@]gmail[.]com” and “Jenny[@]gsd[.]com.”

Upon opening these ZIP files, victims find a compressed executable that, once executed, unleashes the LockBit Black ransomware onto the operating system.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

This particular strain of ransomware encrypts files, rendering them inaccessible to users and demanding a ransom for their release.

The campaign has been notably associated with the Phorpiex (Trik) botnet, which delivered the ransomware payload.

Investigations have revealed over 1,500 unique sending IP addresses linked to this campaign, many of which can be traced back to countries such as Kazakhstan, Uzbekistan, Iran, Russia, and China.

Two IP addresses, in particular, were identified as hosting the LockBit executables: 193 [.]233[.]132[.]177 and 185[.]215[.]113[.]66.

The emails often lure victims with subject lines such as “your document” and “photo of you???” Fortunately, the NJCCIC has successfully blocked or quarantined all associated emails, mitigating the immediate threat.

Proactive Measures and Recommendations

In response to this escalating threat, the NJCCIC has issued a series of recommendations aimed at bolstering the cybersecurity posture of individuals and organizations:

  • Security Awareness Training: Regular training sessions can significantly enhance one’s ability to spot and avoid malicious communications.
  • Strong, Unique Passwords and Multi-Factor Authentication (MFA): Utilizing complex passwords and enabling MFA wherever possible can add an extra layer of security, with a preference for authentication apps or hardware tokens over SMS.
  • System Updates and Patch Management: It is crucial to keep all systems up to date and promptly apply security patches to defend against known vulnerabilities.
  • Endpoint Security Solutions: Installing robust endpoint security software can protect against various malware forms.
  • Monitoring and Detection: Implementing solutions to monitor for suspicious login attempts and unusual user behavior can help in the early detection of potential breaches.
  • Email Filtering Solutions: Deploying spam filters and other email filtering technologies can help block malicious messages before they reach the inbox.
  • Ransomware Mitigation Techniques: Adhering to the guidelines and strategies outlined in NJCCIC’s ransomware mitigation publications can prepare organizations to respond effectively to ransomware incidents.

Furthermore, the NJCCIC encourages reporting phishing emails and other malicious cyber activities to the FBI’s Internet Crime Complaint Center (IC3) and the NJCCIC itself, fostering a collaborative effort to combat these cyber threats.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...