Security News > 2023 > September > Attackers use fallback ransomware if LockBit gets blocked
Your security solutions might stave off a LockBit infection, but you might still end up with encrypted files: according to Symantec's threat researchers, some affiliates are using the 3AM ransomware as a fallback option in case LockBit gets flagged and blocked.
LockBit is a known ransomware family that has been unleashing havoc for quite some time now.
"To date, the ransomware has only been used in a limited fashion," the researchers noted - the company's threat hunters have seen it used in a single attack by a ransomware affiliate.
"The attackers only managed to deploy it to three machines on the organization's network and it was blocked on two of those three computers."
The attackers had some success: before attempting to encrypt them, they exfiltrated the files, which means that they might yet try to extort the victim organization.
"New ransomware families appear frequently and most disappear just as quickly or never manage to gain significant traction. However, the fact that 3AM was used as a fallback by a LockBit affiliate suggests that it may be of interest to attackers and could be seen again in the future," Symantec threat hunters commented.