RedPacket Security

LockBit 3.0 Ransomware Victim: asianrecorp[.]com 2 hours ago


1. LockBit 3.0

LockBit 3.0 Ransomware Case Study: A Huge Cybersecurity Risk https://blog.criminalip.io/2022/09/23/lockbit-3-0-ransomware/

>>>>> Your data is stolen and encrypted.
If you don’t pay the ransom, the data will be published on our TOR darknet sites. 
Keep in mind that once your data appears on our leak site, 
it could be bought by your competitors at any second, 
so don’t hesitate for a long time. 
The sooner you pay the ransom, the sooner your company will be safe.

LockBit 3.0 Ransomware Unlocked Dana Behling October 15, 2022 35 min read https://blogs.vmware.com/security/2022/10/lockbit-3-0-also-known-as-lockbit-black.html

Who is "LockBit3.0", the group luring IT engineers down the path of evil? October 27, 2022, 19:55 https://www3.nhk.or.jp/news/html/20221027/k10013871631000.html


October 25, 2022 LockBit 3.0 demands $60m from UK car dealership Pendragon

Ransomware-as-a-Service gang LockBit 3.0 has posted UK-based car dealership Pendragon onto its dark web blog.

LockBit 3.0, the latest ransomware version, enhanced with BlackMatter features https://www.trendmicro.com/ja_jp/research/22/h/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html



We found that the LockBit 3.0 sample is a Win32 .exe file with multiple sections, packed with an unknown packer.

1.1. Damage


1.2. Explanation

What is LockBit ransomware? https://www.kaspersky.co.jp/resource-center/threats/lockbit-ransomware

What kind of malware is LockBit 3.0? https://www.pcrisk.com/removal-guides/24242-lockbit-3-0-ransomware

Analyzing the relationship between LockBit 3.0 and BlackMatter https://iototsecnews.jp/2022/07/27/experts-find-similarities-between-new-lockbit-3-0-and-blackmatter-ransomware/

English version https://thehackernews.com/2022/07/experts-find-similarities-between.html

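"A notable behavior of this LockBit 3.0 is its file deletion technique.

Instead of running a batch file or commands for the deletion through cmd.exe,
it drops and executes a .tmp file decrypted from the binary.
To prevent recovery by forensic tools and to erase traces, this .tmp file,
with a new file name based on the length of the original file name (including the extension),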

What Is the LockBit 3.0 Ransomware and What Can You Do About It? https://www.makeuseof.com/what-is-lockbit-ransomware-what-can-you-do-about-it/


LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top

Robert Lemos Contributing Writer, Dark Reading July 27, 2022

Reverse-engineering the latest ransomware executables from the group behind LockBit shows that the developers have added capabilities from other popular attack tools and are actively working to improve LockBit's anti-analysis capabilities, according to researchers.

Major Improvements for LockBit 3.0

The changes to the latest version of the LockBit ransomware include functions that collect system APIs as a way to use legitimate functions as part of its attack and extensive — albeit fairly simple — encryption of configuration data and code, according to Trend Micro's advisory.

Perhaps most notably, a major addition to LockBit 3.0 is a set of features to slow down or prevent reverse engineering. The program includes, for example, a password required to decrypt the main body of executable code and a feature that attempts to crash debuggers.

"They pride themselves on their ability to regularly update their ransomware and ransomware-as-a-service offerings," says Trend Micro's Clay. "There are a lot more obfuscation capabilities in 3.0, and they put in a lot of features that try to minimize how much analysts and researchers can discover about their code."

Meanwhile, the adoption of BlackMatter tactics is unsurprising, given that both LockBit and BlackMatter are Russia-linked groups and cybercriminals are increasingly moving between groups.




MoinQ: Security/ransomware/Lockbit3.0 (last edited 2023-01-25 02:40:41 by ToshinoriMaeno)