/xlntinc.com

RedPacket Security

LockBit 3.0 Ransomware Victim: asianrecorp[.]com 2 hours ago

https://www.redpacketsecurity.com/lockbit-3-0-ransomware-victim-asianrecorp-com/

1. LockBit 3.0

LockBit 3.0 Ransomware Case Study: A Huge Cybersecurity Risk https://blog.criminalip.io/2022/09/23/lockbit-3-0-ransomware/

>>>>> Your data is stolen and encrypted.
If you don’t pay the ransom, the data will be published on our TOR darknet sites. 
Keep in mind that once your data appears on our leak site, 
it could be bought by your competitors at any second, 
so don’t hesitate for a long time. 
The sooner you pay the ransom, the sooner your company will be safe.

LockBit 3.0 Ransomware Unlocked Dana Behling October 15, 2022 35 min read https://blogs.vmware.com/security/2022/10/lockbit-3-0-also-known-as-lockbit-black.html

Who is "LockBit3.0", the group luring IT engineers down the path of evil? October 27, 2022, 19:55 https://www3.nhk.or.jp/news/html/20221027/k10013871631000.html

https://techmonitor.ai/technology/pendragon-posted-on-lockbit-3-0-blog

October 25, 2022 LockBit 3.0 demands $60m from UK car dealership Pendragon

Ransomware-as-a-Service gang LockBit 3.0 has posted UK-based car dealership Pendragon onto its dark web blog.

LockBit 3.0, the latest ransomware version, enhanced with BlackMatter capabilities https://www.trendmicro.com/ja_jp/research/22/h/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html

https://twitter.com/mbsdnews/status/1572657832981569538?s=20&t=tzVkKIgrvs9Dr37FfhJbMw

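A person claiming to have hacked the attack group "LockBit3.0" has appeared.
Regarding the set of leaked tools they published, said to be the "builder",
we confirmed that it can generate samples and perform encryption,
and that its behavior closely resembles LockBit3.0; we are sharing the results of our brief investigation.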

The LockBit 3.0 sample was found to be a Win32 .exe file with multiple sections, packed with an unknown packer.

1.1. Damage

https://www.bleepingcomputer.com/news/security/french-hospital-hit-by-10m-ransomware-attack-sends-patients-elsewhere/#.YwVda20FmXU.twitter

1.2. Explanation

What is LockBit ransomware? https://www.kaspersky.co.jp/resource-center/threats/lockbit-ransomware

What kind of malware is LockBit 3.0? https://www.pcrisk.com/removal-guides/24242-lockbit-3-0-ransomware

Analyzing the relationship between LockBit 3.0 and BlackMatter https://iototsecnews.jp/2022/07/27/experts-find-similarities-between-new-lockbit-3-0-and-blackmatter-ransomware/

English version https://thehackernews.com/2022/07/experts-find-similarities-between.html

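"A notable behavior of this LockBit 3.0 is its file deletion technique.

Instead of executing a batch file or command for the deletion through cmd.exe,
it drops and executes a .tmp file decrypted from the binary.
To prevent recovery by forensic tools and erase its traces,
this .tmp file overwrites the contents of the ransomware binary and renames the binary many times,
with new file names based on the length of the original file name (including the extension)."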

What Is the LockBit 3.0 Ransomware and What Can You Do About It? https://www.makeuseof.com/what-is-lockbit-ransomware-what-can-you-do-about-it/

https://www.darkreading.com/attacks-breaches/lockbit-3.0-improved-malware-gang-top

LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top

Robert Lemos Contributing Writer, Dark Reading July 27, 2022

Reverse-engineering the latest ransomware executables from the group behind LockBit shows that the developers have added capabilities from other popular attack tools and are actively working to improve LockBit's anti-analysis capabilities, according to researchers.

Major Improvements for LockBit 3.0

The changes to the latest version of the LockBit ransomware include functions that collect system APIs as a way to use legitimate functions as part of its attack and extensive — albeit fairly simple — encryption of configuration data and code, according to Trend Micro's advisory.

Perhaps most notably, a major addition to LockBit 3.0 is a set of features to slow down or prevent reverse engineering. The program includes, for example, a password required to decrypt the main body of executable code and a feature that attempts to crash debuggers.

"They pride themselves on their ability to regularly update their ransomware and ransomware-as-a-service offerings," says Trend Micro's Clay. "There are a lot more obfuscation capabilities in 3.0, and they put in a lot of features that try to minimize how much analysts and researchers can discover about their code."

Meanwhile, the adoption of BlackMatter tactics is unsurprising, given that both LockBit and BlackMatter are Russia-linked groups and cybercriminals are increasingly moving between groups.

LockBit ransomware, upgraded from version 2.0 to 3.0

https://cybersecurity-info.com/column/2-0%E3%81%8B%E3%82%893-0%E3%81%B8%E3%83%90%E3%83%BC%E3%82%B8%E3%83%A7%E3%83%B3%E3%82%A2%E3%83%83%E3%83%97%E3%81%97%E3%81%9Flockbit%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/



MoinQ: Security/ransomware/Lockbit3.0 (last edited 2023-01-25 02:40:41 by ToshinoriMaeno)