Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
Researchers say in a report today that the new malware "has only been used in a limited fashion" and that it was a ransomware affiliate's fallback when defense mechanisms blocked LockBit.
Symantec's Threat Hunter Team, part of Broadcom, says that attacks using 3AM ransomware are rare: they saw it in only a single incident, when a ransomware affiliate switched to it because they could not deploy LockBit.
BleepingComputer is aware of a 3AM ransomware attack that occurred in February, around the time the operation appears to have launched, but could not obtain a sample for analysis.
Symantec's Threat Hunter Team says that 3AM is written in Rust and appears to be unrelated to any known ransomware family, making it completely new malware.
The researchers say that a 3AM ransomware attack is preceded by the use of a "gpresult" command that dumps the system's policy settings for a specific user.