Security News > 2023 > September > Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
Researchers say in a report today that the new malware "Has only been used in a limited fashion" and it was a ransomware affiliate's fallback when defense mechanisms blocked LockBit.
Symantec's Threat Hunter Team, part of Broadcom, says that attacks using 3AM ransomware are rare, saying that they only saw it in a single incident when a ransomware affiliate switched to it because they could not deploy LockBit.
BleepingComputer is aware of a 3AM ransomware attack that occurred in February, around the time the operation appears to have launched, but could not obtain a sample for analysis.
Symantec's Threat Hunter Team says that 3AM is written in Rust and appears to be unrelated to any known ransomware family, making it a completely new malware.
The researchers say that a 3AM ransomware attack is preceded by the use of a "Gpresult" command that dumps the system's policy settings for a specific user.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)