LockBit Ransomware Developers Launch New Tool to Save Failed Attacks
3AM is a new ransomware-as-a-service (RaaS) developed by the LockBit ransomware group.
3AM is designed to decrypt files that have been encrypted by LockBit.
3AM is still under development, but it's already been used in a few attacks.
There are things you can do to protect yourself from 3AM and ransomware in general, such as keeping your software up to date, using a security solution, and training yourself and your employees on how to identify and avoid phishing attacks.
Y'all, let’s talk about a new ransomware called 3AM.
3AM is a ransomware-as-a-service (RaaS) that's been developed by the LockBit ransomware group. RaaS is a model where the ransomware developers provide the ransomware and the infrastructure to deliver it, and the affiliates distribute it and collect the ransom payments.
3AM is designed to decrypt files that have been encrypted by LockBit. So if a LockBit attack fails, the hackers can use 3AM to decrypt the files and still get a ransom payment.
The 3AM ransomware is still under development, but it's already been used in a few attacks. And it's likely to be used more in the future, as LockBit becomes more popular.
Here are some things y'all can do to protect yourselves from 3AM and ransomware in general:
Keep your software up to date. Software vendors often release security patches to fix vulnerabilities that can be exploited by ransomware. Keeping your software up to date will help to protect you from these vulnerabilities.
Use a security solution that can detect and block ransomware. Many such solutions are available, and they can help to prevent ransomware from infecting your computer in the first place.
Train yourself and your employees on how to identify and avoid phishing attacks. Phishing attacks are a common way that ransomware is spread. By training yourself and your employees on how to identify and avoid phishing attacks, you can help to prevent ransomware from infecting your computer.
Have a backup plan. If you do get hit by a ransomware attack, having a backup plan will help you to recover your files.
Don't pay the ransom. Paying the ransom only encourages the hackers to keep attacking.
If you do get hit by a ransomware attack, contact your IT department or a cybersecurity professional for help. They can help you to recover your files and prevent future attacks.
In addition to these general tips, here are some specific things to look out for if you think you might be targeted by 3AM:
You receive an email from someone you don't know, asking you to click on a link or open an attachment.
You see a pop-up window on your computer that says your files have been encrypted and you need to pay a ransom to decrypt them.
Your computer starts to behave strangely, such as running slowly or displaying strange messages.
If you see any of these signs, it's important to take action immediately. Don't click on any links or open any attachments in the email, and don't pay the ransom. Instead, contact your IT department or a cybersecurity professional for help.
Will update when more information is available.
I hope this helps. Y'all be safe out there.
Below is a redacted copy of the ransom note text (courtesy of Bleeping Computer). The note is contained in a file named 'RECOVER-FILES.txt' that is present in every folder that the malware scans:
Hello. "3 am" The time of mysticism, isn't it? All your files are mysteriously encrypted, and the systems "show no signs of life", the backups disappeared. But we can correct this very quickly and return all your files and operation of the systems to original state. All your attempts to restore data by himself will definitely lead to their damage and the impossibility of recovery. We are not recommended to you to do it on our own!!! (or do at your own peril and risk). There is another important point: we stole a fairly large amount of sensitive data from your local network: financial documents; personal information of your employees, customers, partners; work documentation, postal correspondence and much more. We prefer to keep it secret, we have no goal to destroy your business. Therefore can be no leakage on our part. We propose to reach an agreement and conclude a deal. Otherwise, your data will be sold to DarkNet/DarkWeb. One can only guess how they will be used. Please contact us as soon as possible, using Tor-browser: http://threeamxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion/recovery Access key: xxx
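Because the note is dropped in every folder the malware scans, its locations show how far an incident reached. The sketch below is an added example, not code from this post or from Bleeping Computer: it walks a directory tree, finds files named RECOVER-FILES.txt, and confirms each one against phrases from the note quoted above so that an unrelated file with the same name is not flagged. The function names, the two-phrase threshold, and the sample tree (including the example.onion address) are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "recover-files.txt"  # note file name reported on this page
# Phrases taken from the redacted note quoted on this page (lower-cased).
MARKERS = ('"3 am"', "tor-browser", ".onion/recovery", "access key:")
MAX_READ = 64 * 1024  # notes are small; never read large files in full


def score_note(path):
    """Count how many note phrases occur in the file (0 = name match only)."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(MAX_READ).decode("utf-8", errors="replace").lower()
    except OSError:
        return 0  # unreadable file: treat as a name-only match
    return sum(marker in text for marker in MARKERS)


def find_notes(root, min_markers=2):
    """Return {folder: marker_count} for folders holding a likely note."""
    hits = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            count = score_note(os.path.join(folder, name))
            if count >= min_markers:
                hits[folder] = count
    return hits


def build_sample_tree(root):
    """Constructed test data: two folders with a note, one benign look-alike."""
    note = 'Hello. "3 am" ... Tor-browser: http://example.onion/recovery Access key: xxx'
    for sub in ("finance", os.path.join("hr", "payroll")):
        folder = Path(root, sub)
        folder.mkdir(parents=True)
        (folder / "RECOVER-FILES.txt").write_text(note)
    benign = Path(root, "docs")
    benign.mkdir()
    (benign / "recover-files.txt").write_text("How to restore from backup.")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, count in sorted(find_notes(tmp).items()):
            print(f"{count}/{len(MARKERS)} markers  {os.path.relpath(folder, tmp)}")
```

Point `find_notes` at a read-only mount or a forensic copy rather than a live, still-infected host, and hand the resulting folder list to whoever is scoping the recovery.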


