Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
Researchers say in a report today that the new malware "has only been used in a limited fashion" and that it was a ransomware affiliate's fallback when defense mechanisms blocked LockBit.
Symantec's Threat Hunter Team, part of Broadcom, says that attacks using 3AM ransomware are rare and that it has seen the malware in only a single incident, in which a ransomware affiliate switched to it because they could not deploy LockBit.
BleepingComputer is aware of a 3AM ransomware attack that occurred in February, around the time the operation appears to have launched, but could not obtain a sample for analysis.
Symantec's Threat Hunter Team says that 3AM is written in Rust and appears to be unrelated to any known ransomware family, making it a completely new malware.
The researchers say that a 3AM ransomware attack is preceded by the use of a "gpresult" command that dumps the system's policy settings for a specific user.