"New Lilith Ransomware Emerges With Extortion Site, Lists First Victim"

A new ransomware operation called 'Lilith' has been launched, and its first victim has already been posted on a data leak site designed to support double-extortion attacks. JAMESWT discovered Lilith, a C/C++ console-based ransomware designed for 64-bit versions of Windows. Lilith, like most modern ransomware operations, engages in double-extortion attacks, in which threat actors steal data before encrypting devices. According to Cyble researchers who studied Lilith, the new ransomware family does not introduce any novelties, but it is one of the latest threats to be aware of, alongside RedAlert and 0mega, which have both recently emerged. When executed, Lilith attempts to terminate processes that match entries on a hardcoded list, such as Outlook, SQL, Thunderbird, Steam, PowerPoint, WordPad, Firefox, and others. This releases valuable files held open by running applications, making them available for encryption. Lilith creates and drops ransom notes in all the enumerated folders before the encryption process begins. The note gives victims three days to contact the ransomware actors via the provided Tox chat address, or their data will be made public. The file types found to be excluded from encryption are EXE, DLL, and SYS, while the Program Files, web browser, and Recycle Bin folders are also skipped. This article continues to discuss findings surrounding the new Lilith ransomware.

Bleeping Computer reports "New Lilith Ransomware Emerges With Extortion Site, Lists First Victim"
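The order of operations described above (terminate listed processes, then drop a ransom note in every enumerated folder before encryption starts) gives defenders a window to alert before files are touched. The following is an added detection sketch, not code from the article or from Cyble's analysis; the event tuple format, the thresholds, and the placeholder note file name are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample events (not from the article): (seconds, pid, action, target).
# "kill" = pid terminated the named process; "create" = pid created the file.
SAMPLE_EVENTS = [
    (0, 4120, "kill", "outlook.exe"),
    (1, 4120, "kill", "sqlservr.exe"),
    (2, 4120, "kill", "firefox.exe"),
    (5, 4120, "create", r"C:\Users\a\Documents\NOTE_PLACEHOLDER.txt"),
    (5, 4120, "create", r"C:\Users\a\Desktop\NOTE_PLACEHOLDER.txt"),
    (6, 4120, "create", r"C:\Users\a\Pictures\NOTE_PLACEHOLDER.txt"),
    (6, 4120, "create", r"C:\Shares\finance\NOTE_PLACEHOLDER.txt"),
    (7, 988, "create", r"C:\Users\a\Documents\report.docx"),
    (9, 988, "create", r"C:\Users\a\Desktop\report.docx"),
    (300, 2040, "kill", "notepad.exe"),
]

def find_note_bursts(events, min_dirs=3, min_kills=2, window=60):
    """Return alerts for PIDs that terminate several processes and then, within
    `window` seconds, create the same file name in at least `min_dirs` folders."""
    kills = defaultdict(list)   # pid -> [(ts, terminated process name)]
    drops = defaultdict(dict)   # (pid, file name) -> {folder: first-seen ts}
    for ts, pid, action, target in sorted(events):
        if action == "kill":
            kills[pid].append((ts, target.lower()))
        elif action == "create":
            p = PureWindowsPath(target)
            drops[(pid, p.name.lower())].setdefault(str(p.parent).lower(), ts)
    alerts = []
    for (pid, name), dirs in drops.items():
        times = sorted(dirs.values())
        # Slide over first-seen times: min_dirs distinct folders close together?
        for i in range(len(times) - min_dirs + 1):
            start, end = times[i], times[i + min_dirs - 1]
            if end - start > window:
                continue
            # Distinct processes this pid terminated shortly before the burst.
            victims = sorted({v for t, v in kills[pid] if start - window <= t <= start})
            if len(victims) >= min_kills:
                alerts.append({"pid": pid, "file": name,
                               "folders": len(dirs), "killed": victims})
                break
    return alerts
```

In practice the events would come from endpoint telemetry for process termination and file creation, and the thresholds need tuning against benign software such as installers and backup agents.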

Submitted by Anonymous on