New Phishing Campaign Deploying LockBit Black Ransomware

05/28/24

A phishing campaign of millions of messages carrying the LockBit Black 3.0 ransomware is being delivered by the Phorpiex botnet, as reported by Proofpoint and other cybersecurity researchers.

Phorpiex is an older botnet that was first observed around 2011. It has changed from spreading worms via USB drives and instant messaging apps to delivering more dangerous payloads in a ransomware-as-a-service (RaaS) model. Since 2018, the botnet has been conducting data exfiltration and ransomware delivery activities.

Beginning on April 24, 2024, large volumes of messages were observed. This is the first time researchers have observed samples of LockBit Black in such high numbers.

The messages were sent from an alias “Jenny Green” at jenny@gsd.com using the subject line “Your Document” and containing a zip file “Document.zip.”

The message read:
“Hello you can find your document in the attachment.
Please reply as soon as possible.
Kind regards, GSD Support.”

The executable (.exe) downloaded the LockBit Black payload from Phorpiex botnet infrastructure. As with all phishing attacks, it takes user interaction: the user launches the executable file, which starts a network callout to Phorpiex botnet infrastructure. The payload exhibits data theft behavior and seizes the system, encrypting files and terminating services.
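A mail-filter check for the message described above, as an added example that is not from the article or from the researchers' reports: it parses a message, matches the sender, subject and attachment name quoted above, and lists executable members of any zip attachment without extracting them. It assumes the .exe arrives inside the zip; the function names and the extension list are this example's own.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators stated in the article for this campaign (lowercased for matching).
SENDER, SUBJECT, ATTACHMENT = "jenny@gsd.com", "your document", "document.zip"
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def zip_executables(data: bytes) -> list:
    """Return names of executable members in a zip, without extracting them."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []

def score_message(raw: bytes) -> dict:
    """Inspect one RFC 5322 message and report which indicators match."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = {
        "sender": SENDER in str(msg.get("From", "")).lower(),
        "subject": str(msg.get("Subject", "")).strip().lower() == SUBJECT,
        "attachment": False,
        "executables": [],
    }
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        found["attachment"] |= name == ATTACHMENT
        if name.endswith(".zip"):
            found["executables"] += zip_executables(part.get_payload(decode=True) or b"")
    # Quarantine on the generic signal (an executable inside a zip). The named
    # indicators are trivial for a sender to change, so they only add context.
    found["quarantine"] = bool(found["executables"])
    return found

def build_sample() -> bytes:
    """Constructed sample: harmless bytes in a zip member named like an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Document.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"] = "Jenny Green <jenny@gsd.com>"
    msg["Subject"] = "Your Document"
    msg.set_content("Hello you can find your document in the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Document.zip")
    return msg.as_bytes()
```

Calling `score_message(build_sample())` reports all three named indicators and the executable member; a zip that holds only documents is not quarantined.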

This phishing campaign focuses on quantity over quality. The emails are extremely basic, sent at high volume, and do not have a specific industry target. Stay vigilant. The best way to do so is to partner with a technology solutions provider and MSSP, like 2W Tech, to ensure you have the best security solutions and posture in place. It is always important to remember that your users are the key to keeping your business from becoming a victim of ransomware. Spend the time and resources to get them trained and keep them trained.
