Security News > 2022 > July > New Lilith ransomware emerges with extortion site, lists first victim
A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks.
Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows.
Like most ransomware operations launching today, Lilith performs double-extortions attacks, which is when the threat actors steal data before encrypting devices.
Before the encryption process is initiated, Lilith creates and drops ransom notes on all the enumerated folders.
Interestingly, Lilith also contains an exclusion for 'ecdh pub k.bin,' which stores the local public key of BABUK ransomware infections.
While it's too early to tell if Lilith could develop into a large-scale threat or a successful RaaS program, it's something analysts should keep an eye on.