Security News > 2024 > May > Botnet sent millions of emails in LockBit Black ransomware campaign
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
The LockBit Black encryptor deployed in these attacks is likely built using the LockBit 3.0 builder leaked by a disgruntled developer on Twitter in September 2022.
This campaign is not believed to have any affiliation with the actual LockBit ransomware operation.
This executable then downloads a LockBit Black ransomware sample from the infrastructure of the Phorphiex botnet and executes it on the victim's system.
"Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware," Proofpoint security researchers said.
"This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware being delivered via Phorphiex in such high volumes."
News URL
Related news
- Police arrest four suspects linked to LockBit ransomware gang (source)
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)