New Botnet Sending Millions of Weaponized Emails with LockBit Black Ransomware

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has detected a formidable new cyber threat.

Dubbed LockBit Black, this ransomware campaign is leveraging a botnet to distribute millions of weaponized emails, posing a significant risk to individuals and organizations.

The Mechanics of the Attack

The LockBit Black campaign, identified through the NJCCIC’s sophisticated email security solutions, has also been spotlighted through incident reports and observations from various information-sharing and analysis centers.

- Advertisement -

The hallmark of this campaign is its use of emails containing malicious ZIP attachments, all seemingly sent from the same email addresses: “JennyBrown3422[@]gmail[.]com” and “Jenny[@]gsd[.]com.”

Upon opening these ZIP files, victims find a compressed executable that, once executed, unleashes the LockBit Black ransomware onto the operating system.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

This particular strain of ransomware encrypts files, rendering them inaccessible to users and demanding a ransom for their release.

The campaign has been notably associated with the Phorpiex (Trik) botnet, which delivered the ransomware payload.

Investigations have revealed over 1,500 unique sending IP addresses linked to this campaign, many of which can be traced back to countries such as Kazakhstan, Uzbekistan, Iran, Russia, and China.

Two IP addresses, in particular, were identified as hosting the LockBit executables: 193 [.]233[.]132[.]177 and 185[.]215[.]113[.]66.

The emails often lure victims with subject lines such as “your document” and “photo of you???” Fortunately, the NJCCIC has successfully blocked or quarantined all associated emails, mitigating the immediate threat.

Proactive Measures and Recommendations

In response to this escalating threat, the NJCCIC has issued a series of recommendations aimed at bolstering the cybersecurity posture of individuals and organizations:

• Security Awareness Training: Regular training sessions can significantly enhance one’s ability to spot and avoid malicious communications.
• Strong, Unique Passwords and Multi-Factor Authentication (MFA): Utilizing complex passwords and enabling MFA wherever possible can add an extra layer of security, with a preference for authentication apps or hardware tokens over SMS.
• System Updates and Patch Management: It is crucial to keep all systems up to date and promptly apply security patches to defend against known vulnerabilities.
• Endpoint Security Solutions: Installing robust endpoint security software can protect against various malware forms.
• Monitoring and Detection: Implementing solutions to monitor for suspicious login attempts and unusual user behavior can help in the early detection of potential breaches.
• Email Filtering Solutions: Deploying spam filters and other email filtering technologies can help block malicious messages before they reach the inbox.
• Ransomware Mitigation Techniques: Adhering to the guidelines and strategies outlined in NJCCIC’s ransomware mitigation publications can prepare organizations to respond effectively to ransomware incidents.

Furthermore, the NJCCIC encourages reporting phishing emails and other malicious cyber activities to the FBI’s Internet Crime Complaint Center (IC3) and the NJCCIC itself, fostering a collaborative effort to combat these cyber threats.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free