Connect with us

Hi, what are you looking for?

Tech & Science

LockBit Black ransomware is at the heart of new phishing emails

The phishing email, used to deliver the LockBit Black ransomware, was found in environments protected by Microsoft APT and TrendMicro.

Computer systems are vulnerable to cyberattack. — Image © Tim Sandle
Computer systems are vulnerable to cyberattack. — Image © Tim Sandle

A new high-volume malicious code-laden email campaign has been hitting businesses hard in the U.S. The technology firm Cofense Intelligence has been tracking this large-scale phishing campaign, which is being sent through the Phorpiex botnet. The malicious code deploys LockBit Black ransomware.

LockBit ransomware is a malicious software that blocks user access to computer systems in exchange for a ransom payment. The code is self-spreading and the bad actors behind its deployment tend to target those with the ability to pay a large ransom.

Looking into the significance is Dylan Duncan, Cyber Threat Intelligence Analyst at Cofense,.

Duncan begins by assessing the potential origin of the cyber-incident: “While it’s unclear where this version of LockBit originated from, it’s believed to be created from a variant of LockBit that was leaked.”

As to the specifics, Duncan explains: “The campaign utilizes the Phorpiex botnet, also known as Trik, which is a basic botnet but still has the capabilities to disseminate a high volume of emails. In this case, that is exactly how the botnet is being used.”

As to the implications: “Quantity over quality is the best way to describe this campaign as the emails are very simple, sent at high volume, and do not appear to be targeting any specific sector.”

This carries a significant risk to many firms: “Nevertheless, it is always a high-level threat when there is a risk of a ransomware infection and unfortunately this is the case. The emails identified by Cofense have already proven capable of successfully bypassing security infrastructure like spam filters. This is unfortunate given there aren’t any complex tactics, techniques, or procedures (TTPs) involved in the phishing emails.”

Standard defences have not proved to be successful in the latest round. Ducan observes: “The phishing email, used to deliver the LockBit Black ransomware, was found in environments protected by Microsoft APT and TrendMicro.”

Further with the attack mode, Duncan notes: “It delivers a ZIP archive that contains an SCR file, that when run by a user, infects the target with ransomware. The email lure is relatively simple just referencing an attached document and a request for a quick response.”

Recounting these further, Duncan says: “This first batch of emails were all sent from “Jenny Green” which has become quite notorious for this campaign, but it wouldn’t be difficult for the threat actors to change this in future emails.” With this, Ducan strikes a note of caution for the business community.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Education bosses in Los Angeles voted Tuesday to work towards a complete ban on the use of smartphones in the city's schools.


Asian markets drifted Thursday as investors try to gauge the outlook for US interest rates.


Whether it’s the timeless class of Harry Kane’s Bentley Continental or the sporty style of Kyle Walker’s Lamborghini Huracan.


These data show an overall trend in fewer miles before a collision globally, suggesting the need for a renewed focus on safety.