Massive Ransomware Campaign: LockBit Black Distributed by Phorpiex Botnet
In a significant escalation of ransomware attacks, Proofpoint researchers have uncovered a massive campaign distributing LockBit Black ransomware through millions of emails sent via the Phorpiex botnet. This marks the first time this potent ransomware strain, also known as LockBit 3.0, has been observed being delivered at such scale.
The Deceptive Bait: “Your Document” Emails
The malicious emails, disguised as messages from “Jenny Green” with the subject “Your Document,” contained ZIP files harboring executable payloads. These seemingly innocuous attachments, once opened, unleashed the LockBit Black ransomware, encrypting files and crippling systems across multiple industries worldwide.
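A mail-gateway style check for the delivery pattern described above, as an added example that is not code from Proofpoint or from the original article. It flags ZIP attachments whose members are Windows executables (by `MZ` header or extension) and records whether the sender name and subject match the reported lure. The extension list, the `build_sample` helper, the `example.test` address and the file names are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed list, tune to local policy

def zip_executables(data: bytes) -> list[str]:
    """Return names of ZIP members that look like Windows executables."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                magic = b""
                # Encrypted members cannot be read without a password,
                # so they are judged by extension only.
                if not info.is_dir() and not info.flag_bits & 0x1:
                    with zf.open(info) as fh:
                        magic = fh.read(2)
                if magic == b"MZ" or info.filename.lower().endswith(EXEC_EXTS):
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # a malformed archive yields no findings here
    return hits

def scan_message(raw: bytes) -> dict:
    """Check one raw RFC 5322 message for the lure and for executables in ZIPs."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).strip().lower()
    result = {"lure_match": "jenny green" in sender and subject == "your document",
              "executables": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or data[:4] == b"PK\x03\x04":
            result["executables"] += zip_executables(data)
    return result

def build_sample(member, content, sender="Jenny Green <jenny@example.test>",
                 subject="Your Document") -> bytes:
    """Constructed test message: one ZIP attachment holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("See attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="sample.zip")
    return m.as_bytes()
```

The executable-in-ZIP finding is the durable signal; the sender name and subject are trivially changed by the operator and are best treated as supporting context only.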
Opportunistic Targeting and Global Reach
The campaign targeted organizations across various sectors globally, suggesting an opportunistic approach rather than specific targeting. The attackers leveraged the Phorpiex botnet, a malware-as-a-service platform with a history of distributing various threats, to amplify the campaign’s reach and impact.
A Return to Aggressive Tactics
Distributing ransomware directly as a first-stage payload in email campaigns has been relatively uncommon since before 2020. This resurgence of aggressive tactics, combined with the high volume of messages, signals a concerning shift in the ransomware landscape.
Proofpoint has not attributed this campaign to a specific threat actor. However, the consistent use of the “Jenny Green” alias and the delivery method suggest a well-coordinated operation. The use of Phorpiex and LockBit Black in tandem underscores the evolving tactics, techniques, and procedures (TTPs) employed by cybercriminals.
The LockBit Black Advantage
LockBit Black, released in 2022 with enhanced capabilities, gained further notoriety when its builder was leaked online, allowing threat actors to easily customize and deploy the ransomware. This campaign demonstrates the dangerous convergence of a sophisticated ransomware strain with the widespread distribution power of the Phorpiex botnet.
Staying Ahead of the Evolving Threat
The LockBit Black campaign serves as a stark reminder of the ever-evolving nature of cyber threats. Organizations and individuals must remain vigilant, prioritize security awareness training, and employ robust security measures to mitigate the risks posed by ransomware attacks.