| Attribute | Details |
|---|---|
| Threat Actors | 3AM ransomware group |
| Campaign Overview | Emerged in late 2023; exfiltrates, encrypts, and extorts victims using stolen sensitive data |
| Target Regions | Western-affiliated countries |
| Methodology | Data exfiltration, encryption of local data, ransom demand via notes, and data leak threats |
| Product Targeted | Enterprise networks, public institutions, and individual systems |
| Malware Reference | 3AM ransomware, related to LockBit and BlackSuit |
| Tools Used | Ransomware written in Rust, Volume Shadow Copy deletion |
| Vulnerabilities Exploited | Likely weak network defenses, unpatched systems, and lack of adequate data security measures |
| TTPs | File renaming with “.threeamtime”, marker “0x666”, ransom notes, dark web leak site |
| Attribution | Links to LockBit ransomware, operated by Russian-speaking actors |
| Recommendations | Offsite backups, security patches, MFA, network segmentation, staff awareness, data encryption |
| Source | Tripwire |

Read full article: https://www.tripwire.com/state-of-security/3am-ransomware-what-you-need-know

Disclaimer: The above summary has been generated by an AI language model.
