Cybersecurity News in Asia

Features
- Featured
  
  The latest threat to e-commerce
  
  Tuesday, July 23, 2024, 9:06 AM Asia/Singapore | Features
- Featured
  
  AI/ML can reduce mundane cybersecurity tasks, but they are not silver bullets
  
  Friday, July 19, 2024, 10:08 AM Asia/Singapore | Features, Opinions
- Featured
  
  Cybersecurity experts warn against Olympics 2024 threats
  
  Thursday, July 18, 2024, 1:39 PM Asia/Singapore | Features, Newsletter
News
- Featured
  
  Chinese organized crime syndicate linked to trillion-dollar criminal activities worldwide
  
  Thursday, July 25, 2024, 4:10 PM Asia/Singapore | News, Newsletter
- Featured
  
  What causes ransomware victims to pay up despite “do not pay” policies?
  
  Thursday, July 25, 2024, 9:11 AM Asia/Singapore | News, Newsletter
- Featured
  
  The day an EDR software update brought down critical infrastructures worldwide
  
  Monday, July 22, 2024, 9:08 AM Asia/Singapore | News, Newsletter
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

Waves of new ransomware surface after 2022 LockBit codebase leak

By CybersecAsia editors | Wednesday, October 25, 2023, 9:15 AM Asia/Singapore

A developer disgruntled by LockBit’s leaders had leaked a builder that allows all manner of malicious actors to generate ransomware variations.

Back in September 2022, source code for the LockBit ransomware was leaked and made available for download by all manners of cybercriminals and state-sponsored threat groups. Now, researchers have been tracking multiple threat groups’ efforts to capitalize on the leaked source code to launch ransomware attacks.

After investigating a specific thwarted ransomware attack, researchers have uncovered a ransomware note from a previously unknown group calling themselves “BlackDogs 2023”.

The attackers had attempted to exploit an old, unsupported version of Adobe’s ColdFusion server in order to gain access to the target firm’s Windows’ servers — and then to deploy the ransomware. The attack was blocked by the firm’s defenders, but a latent ransom note demanding 205 Monero (roughly US$30,000) was spotted in the code.

Becoming more desperate, the threat group then made numerous additional attempts to launch their attacks using HTA files and Cobalt Strike binaries — in vain.

According to Sean Gallagher, Principal Threat Researcher, Sophos, which announced the research findings, this is the second LockBit copycat the firm has uncovered in recent weeks. “This is the second, recent incident of threat actors attempting to take advantage of leaked LockBit source code to spin new variants of ransomware that we’ve uncovered in recent weeks. The first instance involved attackers taking advantage of a vulnerability in WS FTP server software. Now, there are copycats looking to take advantage of outdated and unsupported Adobe ColdFusion servers.”

Gallagher suggested that it is “entirely possible that other copycats will emerge, which is why it’s essential for organizations to prioritize patching and upgrading from unsupported software whenever possible.”

Note that patching only closes the hole: with things like unprotected ColdFusion servers and WS_FTP, firms need to also check to make sure none of their servers have already been furtively compromised.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

2024 Voice of the CISO
The "2024 Voice of the CISO" report by Proofpoint offers insights from a survey of …Download Whitepaper
Securing Industry 4.0
The world is advancing to Industry 4.0 in full swing, and this is a key …Download Whitepaper
To the Power of Proofpoint
Microsoft 365 is indispensable for modern businesses, facilitating remote work, global collaboration, and cloud operations.Download Whitepaper
The 2024 Data Loss Landscape
The 2024 Data Loss Landscape Report by Proofpoint reveals that 85% of organizations have encountered …Download Whitepaper

Middle-sidebar-banner

Case Studies

Eliminating “vault sprawl” helps DCB Bank (India) in more ways than one
Centrally rotating and management credentials in its developer workflows using an identity security platform has …Read more
Nan Fung Group rolls out secure NFC building access app for Apple Wallet users
Tenants of the AIRSIDE office tower in Hong Kong are the first to experience the …Read more
What data-driven organizations need today and in the future
Our data-driven business world needs purpose-built data protection solutions that combine centralized management with a …Read more
How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more

Cybersecurity News in Asia

Featured

The latest threat to e-commerce

Featured

AI/ML can reduce mundane cybersecurity tasks, but they are not silver bullets

Featured

Cybersecurity experts warn against Olympics 2024 threats

Featured

Chinese organized crime syndicate linked to trillion-dollar criminal activities worldwide

Featured

What causes ransomware victims to pay up despite “do not pay” policies?

Featured

The day an EDR software update brought down critical infrastructures worldwide

Waves of new ransomware surface after 2022 LockBit codebase leak

A developer disgruntled by LockBit’s leaders had leaked a builder that allows all manner of malicious actors to generate ransomware variations.

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar