"Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign"

According to New Jersey's Cybersecurity and Communications Integration Cell (NJCCIC), millions of phishing emails have been sent through the Phorpiex botnet since April to conduct a large-scale LockBit Black ransomware campaign. The attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The NJCCIC noted that the LockBit Black encryptor deployed in these attacks is likely built using the LockBit 3.0 builder leaked by a disgruntled developer on Twitter in September 2022. However, this campaign is not believed to have any affiliation with the actual LockBit ransomware operation.

The NJCCIC noted that these phishing emails with "your document" and "photo of you???" subject lines are being sent using "Jenny Brown" or "Jenny Green" aliases from over 1,500 unique IP addresses worldwide, including Kazakhstan, Uzbekistan, Iran, Russia, and China. The attack chain begins when the recipient opens the malicious ZIP archive attachment and executes the binary inside. This executable then downloads a LockBit Black ransomware sample from the infrastructure of the Phorpiex botnet and executes it on the victim's system. Once launched, the ransomware attempts to steal sensitive data, terminate services, and encrypt files.

The Phorpiex botnet (also known as Trik) has been active for over a decade. It evolved from a worm that spread via removable USB storage and Skype or Windows Live Messenger chats into an IRC-controlled trojan that used email spam delivery.
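The lure described above (the two subject lines, the two sender aliases, and a ZIP attachment holding an executable) can be turned into a mail-triage check. The following is an added example, not code from NJCCIC or BleepingComputer; the function names, the `example.test` addresses, the `Document.zip` filename and the use of the PE "MZ" magic bytes to recognise an executable are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Lure strings quoted in the summary above, lower-cased for comparison.
SUBJECTS = {"your document", "photo of you???"}
ALIASES = {"jenny brown", "jenny green"}

def zip_has_executable(data: bytes) -> bool:
    """True if any archive member starts with the PE 'MZ' magic (assumed check)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    if member.read(2) == b"MZ":
                        return True
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return False  # corrupt, encrypted or unsupported archive: cannot inspect
    return False

def score_message(raw: bytes) -> dict:
    """Report which lure traits a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, _addr = parseaddr(str(msg.get("From", "")))
    subject = str(msg.get("Subject", "")).strip().lower()
    hits = {
        "subject": subject in SUBJECTS,
        "alias": name.strip().lower() in ALIASES,
        "zip_exe": any(
            zip_has_executable(part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()
            if (part.get_filename() or "").lower().endswith(".zip")
        ),
    }
    # Flag only when the attachment trait coincides with a textual lure trait.
    hits["flag"] = hits["zip_exe"] and (hits["subject"] or hits["alias"])
    return hits

def build_sample(subject, sender, member_name, member_bytes) -> bytes:
    """Constructed test message; the attachment content is inert sample bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.test", subject
    m.set_content("see attachment")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Document.zip")
    return m.as_bytes()
```

Subject and alias strings are easy for a sender to change, so the attachment check carries most of the weight; the textual matches mainly help group messages from this specific campaign.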

 

BleepingComputer reports: "Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign"

Submitted by Adam Ekwall on