NotLockBit: A Deep Dive Into the New Ransomware Threat

| Category | Details |
| --- | --- |
| Threat Actors | NotLockBit ransomware operators. |
| Campaign Overview | NotLockBit mimics LockBit ransomware; targets macOS and Windows systems with cross-platform functionality, focusing on encryption, exfiltration, and self-deletion. |
| Target Regions/Victims | Global targeting, with emphasis on macOS and Windows users. |
| Methodology | File encryption, data exfiltration, self-deletion, phishing for initial access, use of AWS S3 for data storage, and exploitation of public-facing apps. |
| Product Targeted | Personal and professional data, virtual machine files, and AWS credentials. |
| Malware Reference | NotLockBit ransomware, written in the Go programming language. |
| Tools Used | AWS SDK for Go v2 library, osascript command for macOS, and encryption mechanisms (AES and RSA). |
| Vulnerabilities Exploited | Exploitation of public-facing applications (MITRE T1190), phishing (MITRE T1566). |
| TTPs | Reconnaissance, data encryption, exfiltration, changing desktop wallpaper, self-deletion, mimicking known ransomware families (LockBit). |
| Attribution | Analyzed by Qualys and identified as a distinct strain mimicking LockBit’s tactics and appearance. |
| Recommendations | Enhance endpoint detection, update and patch systems, educate users on phishing threats, monitor AWS credentials, and implement proactive incident response. |
| Source | Qualys |

Read full article: https://blog.qualys.com/vulnerabilities-threat-research/2024/12/18/notlockbit-a-deep-dive-into-the-new-ransomware-threat

The above summary has been generated by an AI language model

Source: Qualys

Published on: December 18, 2024
