Security News > 2023 > September > Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
Researchers say in a report today that the new malware "Has only been used in a limited fashion" and it was a ransomware affiliate's fallback when defense mechanisms blocked LockBit.
Symantec's Threat Hunter Team, part of Broadcom, says that attacks using 3AM ransomware are rare, saying that they only saw it in a single incident when a ransomware affiliate switched to it because they could not deploy LockBit.
BleepingComputer is aware of a 3AM ransomware attack that occurred in February, around the time the operation appears to have launched, but could not obtain a sample for analysis.
Symantec's Threat Hunter Team says that 3AM is written in Rust and appears to be unrelated to any known ransomware family, making it a completely new malware.
The researchers say that a 3AM ransomware attack is preceded by the use of a "Gpresult" command that dumps the system's policy settings for a specific user.
News URL
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)