The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) recently issued a warning regarding the LockBit ransomware group’s latest tactics. Dubbed the LockBit Black Ransomware Campaign, this operation utilizes the Phorpiex Botnet to orchestrate a large-scale phishing email onslaught.
According to NJCCIC’s alert, the Phorpiex Botnet has been active since April 2024, bombarding unsuspecting recipients with approximately 9 million emails. These emails contain ZIP file attachments harboring malicious payloads.
The attack method is straightforward: leverage the botnet to disseminate the LockBit 3.0 version of the malware. Once the target clicks the attachment, it triggers the download of a binary file.
Security researchers, notably from Proofpoint, have analyzed the phishing emails accompanying this campaign. They’ve observed a plethora of subject lines, including “Your document,” “Photo of You,” and names like Jenny Brown and Jenny Green. The emails originate from over 1500 distinct addresses worldwide, spanning regions such as China, Russia, Iran, Uzbekistan, and Kazakhstan.
To combat such threats effectively, experts emphasize the importance of proactive measures. NJCCIC advises fostering awareness among employees regarding prevalent threats like phishing emails. Employees should exercise caution when encountering emails from unfamiliar sources, as they often harbor links leading to ransomware-related payloads.
Despite numerous law enforcement interventions and seizures of their IT infrastructure, the LockBit cybercriminal group persists in executing lucrative malicious campaigns. Implementing email filtering tools to mitigate the spread of spam may provide additional defense.
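As an added illustration of the email filtering mentioned above (not code from NJCCIC, Proofpoint, or any vendor), the following sketch triages a raw message using the two traits the article names: the quoted subject lines and a ZIP attachment. The executable-extension list, the quarantine rule, and all sample file names and addresses are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article; compared case-insensitively.
CAMPAIGN_SUBJECTS = {"your document", "photo of you"}
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".vbs", ".lnk", ".bat")  # assumption

def zip_findings(data):
    """Return executable-looking member names in a ZIP, or None if not a ZIP."""
    if not data.startswith(b"PK\x03\x04"):  # check content, not the file name
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []  # ZIP magic but unparseable: still counts as a ZIP attachment

def triage(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("campaign-subject")
    for part in msg.iter_attachments():
        hits = zip_findings(part.get_payload(decode=True) or b"")
        if hits is None:
            continue
        reasons.append("zip-attachment")
        reasons += ["executable-in-zip:" + name for name in hits]
    has_exe = any(r.startswith("executable-in-zip:") for r in reasons)
    both = {"campaign-subject", "zip-attachment"} <= set(reasons)
    return ("quarantine" if has_exe or both else "deliver"), reasons

def build_sample(subject, attachment_name=None, members=()):
    """Build a constructed test message (not a real campaign sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.org", subject
    msg.set_content("See attached.")
    if attachment_name:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name in members:
                zf.writestr(name, b"placeholder")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg.as_bytes()
```

A subject match alone only adds a reason and does not quarantine, since subjects such as "Your document" are common in legitimate mail.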
In a related development, the cybercrime group known as Salfetka, responsible for breaches targeting Yamaha Motors, Xerox Business, and Scotland’s National Health Services, has announced plans to sell the source code of INC Ransom for a substantial sum of $300,000. This development underscores the evolving landscape of cyber threats and the lucrative nature of ransomware operations.