New Botnet Sending Millions of Weaponized Emails with LockBit Black Ransomware

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has detected a formidable new cyber threat.

Dubbed LockBit Black, this ransomware campaign is leveraging a botnet to distribute millions of weaponized emails, posing a significant risk to individuals and organizations.

The Mechanics of the Attack

The LockBit Black campaign, identified through the NJCCIC’s sophisticated email security solutions, has also been spotlighted through incident reports and observations from various information-sharing and analysis centers.

The hallmark of this campaign is its use of emails containing malicious ZIP attachments, all seemingly sent from the same email addresses: “JennyBrown3422[@]gmail[.]com” and “Jenny[@]gsd[.]com.”

Upon opening these ZIP files, victims find a compressed executable that, once executed, unleashes the LockBit Black ransomware onto the operating system.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

This particular strain of ransomware encrypts files, rendering them inaccessible to users and demanding a ransom for their release.

The campaign has been notably associated with the Phorpiex (Trik) botnet, which delivered the ransomware payload.

Investigations have revealed over 1,500 unique sending IP addresses linked to this campaign, many of which can be traced back to countries such as Kazakhstan, Uzbekistan, Iran, Russia, and China.

Two IP addresses, in particular, were identified as hosting the LockBit executables: 193 [.]233[.]132[.]177 and 185[.]215[.]113[.]66.

The emails often lure victims with subject lines such as “your document” and “photo of you???” Fortunately, the NJCCIC has successfully blocked or quarantined all associated emails, mitigating the immediate threat.

Proactive Measures and Recommendations

In response to this escalating threat, the NJCCIC has issued a series of recommendations aimed at bolstering the cybersecurity posture of individuals and organizations:

  • Security Awareness Training: Regular training sessions can significantly enhance one’s ability to spot and avoid malicious communications.
  • Strong, Unique Passwords and Multi-Factor Authentication (MFA): Utilizing complex passwords and enabling MFA wherever possible can add an extra layer of security, with a preference for authentication apps or hardware tokens over SMS.
  • System Updates and Patch Management: It is crucial to keep all systems up to date and promptly apply security patches to defend against known vulnerabilities.
  • Endpoint Security Solutions: Installing robust endpoint security software can protect against various malware forms.
  • Monitoring and Detection: Implementing solutions to monitor for suspicious login attempts and unusual user behavior can help in the early detection of potential breaches.
  • Email Filtering Solutions: Deploying spam filters and other email filtering technologies can help block malicious messages before they reach the inbox.
  • Ransomware Mitigation Techniques: Adhering to the guidelines and strategies outlined in NJCCIC’s ransomware mitigation publications can prepare organizations to respond effectively to ransomware incidents.

Furthermore, the NJCCIC encourages reporting phishing emails and other malicious cyber activities to the FBI’s Internet Crime Complaint Center (IC3) and the NJCCIC itself, fostering a collaborative effort to combat these cyber threats.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately,…

13 hours ago

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024…

14 hours ago

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's inception.…

14 hours ago

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop…

14 hours ago

Thousands of PHP-based Web Applications Exploited to Deploy Malware

A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications.…

14 hours ago

W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data

A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress,…

17 hours ago