When we talk about security threats out there, ransomware is sadly top of mind these days.  You know what else we hear a lot about?  Botnets.  You know what’s worse than just bots or ransomware?  Combining the two, which has begun to happen, believe it or not.  Let’s dive deeper in our latest take on some of the newest trends in ransomware.

Amadey Bot Deploys LockBit 3.0

If you haven’t been keeping score, ransomware groups are often more sophisticated than many software companies out there, and yes, they have releases of software and even provide release notes in some cases.

LockBit 3.0 is the latest from the LockBit RaaS organization.  LockBit 3.0, also known as LockBit Black, boasts features like enhanced deletion capabilities to make sure you really can’t recover if you don’t have a backup and won’t pay the ransom.

Best of all?  LockBit even launched a bug bounty program.

Back to why this combo is so bad though.  Amadey deploying LockBit is especially bad because Amadey Bot takes the form of a malicious Word doc or an exe disguised as a Word doc.  That means it is pretty simple to get most people to open it.  So what’s worse, clicking a link in an e-mail or clicking on a bad Word doc?  In either case, there’s a lot of damage to be done.

This is another case of innovation by malicious actors who are busy trying to find the easiest path into your environment.  According to the researchers at ASEC, the malicious Word files and the e-mails they come in use keywords like resume and copyright, which makes them pretty likely to be opened by victims, should they get past screening software (you are screening incoming e-mails, right?).
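To make the screening step concrete, here is an added Python example (not code from ASEC or from this site) that checks an attachment's leading bytes against what its file name claims to be and notes the lure keywords mentioned above.  The function names, finding labels and sample bytes are constructed for illustration; the magic-byte values are general file-format facts, not details from the ASEC report.

```python
import re

# File-format magic bytes (general facts, not taken from the article)
PE_MAGIC = b"MZ"                                  # Windows executable
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                         # .docx / .docm container

LURE_WORDS = ("resume", "copyright")   # keywords the article attributes to ASEC
# A Word extension anywhere in the name, e.g. "cv.docx" or "cv.doc.exe"
DOC_HINT = re.compile(r"\.(docx?|docm)(\.|$)", re.I)

# Constructed sample contents: only the leading bytes matter here
SAMPLE_PE = PE_MAGIC + b"\x90\x00" + b"\x00" * 60
SAMPLE_DOCX = ZIP_MAGIC + b"\x14\x00" + b"\x00" * 26
SAMPLE_DOC = OLE2_MAGIC + b"\x00" * 24


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def screen_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    name = filename.lower()
    kind = sniff(data)
    looks_like_doc = bool(DOC_HINT.search(name))
    if kind == "pe":
        findings.append("executable-content")
        # An executable presented under a document-style name is the disguise case
        if looks_like_doc or not name.endswith(".exe"):
            findings.append("name-content-mismatch")
    elif looks_like_doc and kind == "unknown":
        # Name says Word document, content is neither OLE2 nor ZIP
        findings.append("name-content-mismatch")
    if any(word in name for word in LURE_WORDS):
        findings.append("lure-keyword")
    return findings
```

A lure keyword alone is a weak signal, since plenty of legitimate mail carries a file named resume; the finding that matters is executable content arriving under a document name.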

Of course, like most malware out there, Amadey Bot can be purchased by threat actors, and considering the form it takes, this makes the barrier to entry for deploying ransomware even lower.  A well-crafted e-mail is all it takes to deploy ransomware inside of an organization.

Remember, LockBit operates as a Ransomware as a Service organization, meaning associates simply need to deploy LockBit, and the LockBit group does the rest when it comes to ransom negotiations.  This makes it even easier for someone with minimal skills to compromise an environment.

The Ever Changing Ransomware Landscape

The ransomware landscape continues to evolve, with threat actors getting more and more creative.  We see new software releases from groups like LockBit on a regular basis, and new ransomware groups coming onto the radar all of the time.  What doesn’t change is the goal of these organizations: to get their victims to pay any way possible, either by encrypting or stealing data.

At this point, we would hope that many organizations were ready for the imminent cyber attack, but it still does not seem to be the case.  The time is now for organizations to start planning on how they will detect and respond to ransomware during an attack.  A few simple changes now can mean a big difference when it comes to succeeding in recovery or having to pay the ransom.

Once a month, we cover the latest and hottest in ransomware trends, and keep up to date on this emerging threat.