Security News > 2023 > August > Spain warns of LockBit Locker ransomware phishing attacks
The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.
BleepingComputer's analysis shows that the executed Python script will check if the user is an admin of the device, and if so, make modifications to the system for persistence and then executes the 'LockBit Locker' ransomware to encrypt files.
While the ransomware gang claims to be affiliated with the notorious LockBit ransomware operation, BleepingComputer believes this campaign is conducted by different threat actors using the leaked LockBit 3.0 ransomware builder.
Automated analysis by Intezer's scanning engine identifies the ransomware executable as being BlackMatter, a ransomware operation that shut down in 2021 and later rebranded as ALPHV/BlackCat.
LockBit ransomware builder leaked online by "Angry developer".
TSMC denies LockBit hack as ransomware gang demands $70 million.
News URL
Related news
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks (source)
- JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (source)
- Stanford: Data of 27,000 people stolen in September ransomware attack (source)
- LockBit ransomware affiliate gets four years in jail, to pay $860k (source)
- Nissan confirms ransomware attack exposed data of 100,000 people (source)
- LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada (source)
- LockBit ransomware kingpin gets 4 years behind bars (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)