
New Botnet sending millions of Weaponized Emails


The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has identified a recent ransomware campaign delivering LockBit Black. The campaign spreads through a botnet that sends millions of weaponized emails to individuals and organizations, posing a significant risk to cybersecurity.

The LockBit Black campaign was brought to light by the NJCCIC’s advanced email security solutions, as well as incident reports and observations from various information-sharing and analysis centers. This campaign stands out for its use of malicious ZIP attachments in emails sent from email addresses like “JennyBrown3422[@]gmail[.]com” and “Jenny[@]gsd[.]com.”

When recipients open these ZIP files, they encounter a compressed executable that, when executed, triggers the LockBit Black ransomware on their systems. This specific strain of ransomware encrypts files, making them inaccessible to users and demanding a ransom for their release. The campaign has been linked to the Phorpiex (Trik) botnet, which delivers the ransomware payload.

Investigations have identified over 1,500 unique sending IP addresses associated with this campaign, with many originating from countries such as Kazakhstan, Uzbekistan, Iran, Russia, and China. Two specific IP addresses, 193[.]233[.]132[.]177 and 185[.]215[.]113[.]66, were found to host the LockBit executables. To entice victims, the emails feature subject lines like “your document” and “photo of you???” Thankfully, the NJCCIC has effectively blocked or quarantined all related emails, reducing the immediate threat.
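The delivery pattern described above (a ZIP attachment holding an executable, sent under the reported subject lines) can be checked at the mail gateway. The following is an added example, not code from the NJCCIC or the original article; the extension list, the verdict names and the `build_sample` helper are assumptions made for illustration.

```python
import io
import zipfile
import zlib
from email import message_from_bytes
from email.message import EmailMessage

# Subject lines reported for this campaign in the article above.
CAMPAIGN_SUBJECTS = {"your document", "photo of you???"}
# Extensions treated as executable; this list is an assumption, tune it locally.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def zip_executables(data: bytes) -> list:
    """Names of ZIP members that look executable, by extension or PE 'MZ' header."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.filename.lower().endswith(EXECUTABLE_EXTS):
                    hits.append(info.filename)
                elif not info.flag_bits & 0x1:  # encrypted members cannot be read
                    with zf.open(info) as fh:
                        if fh.read(2) == b"MZ":
                            hits.append(info.filename)
    except (zipfile.BadZipFile, zlib.error):
        hits.append("<unreadable zip>")  # fail closed on archives we cannot parse
    return hits

def triage(raw: bytes) -> dict:
    """Classify one raw RFC 5322 message as quarantine, review or deliver."""
    msg = message_from_bytes(raw)
    subject_match = str(msg.get("Subject") or "").strip().lower() in CAMPAIGN_SUBJECTS
    exes = []
    for part in msg.walk():
        payload = b"" if part.is_multipart() else part.get_payload(decode=True) or b""
        if payload.startswith(b"PK\x03\x04"):  # ZIP magic, regardless of declared type
            exes.extend(zip_executables(payload))
    verdict = "quarantine" if exes else "review" if subject_match else "deliver"
    return {"subject_match": subject_match, "executables": exes, "verdict": verdict}

def build_sample(subject: str, member: str, content: bytes) -> bytes:
    """Constructed test message: one ZIP attachment holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

The header check catches an executable renamed to a harmless-looking extension, and a subject match alone only raises the message for review because the reported subject lines are generic.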

In response to this mounting threat, the NJCCIC has issued a set of recommendations to strengthen cybersecurity for individuals and organizations. These include:

– Security Awareness Training: Regular training sessions can help individuals identify and avoid malicious communications.
– Strong, Unique Passwords and Multi-Factor Authentication (MFA): Using complex passwords and enabling MFA adds an extra layer of security.
– System Updates and Patch Management: Keeping systems updated and applying security patches promptly is vital to defend against vulnerabilities.
– Endpoint Security Solutions: Installing robust endpoint security software protects against various malware.
– Monitoring and Detection: Implementing solutions to monitor for suspicious activities can aid in early breach detection.
– Email Filtering Solutions: Deploying spam filters and email filtering technologies can block malicious messages.
– Ransomware Mitigation Techniques: Following NJCCIC’s ransomware mitigation guidelines can help organizations respond to incidents effectively.

Moreover, the NJCCIC encourages reporting phishing emails and other malicious cyber activities to the FBI’s Internet Crime Complaint Center (IC3) and the NJCCIC. This collaborative effort aims to combat cyber threats effectively.

In conclusion, the LockBit Black ransomware campaign poses a serious threat to cybersecurity, but with proactive measures and increased awareness, individuals and organizations can strengthen their defenses against such malicious attacks. Reporting suspicious activities and working together to thwart cyber threats remains crucial in safeguarding against potential harm.
