Proofpoint researchers have flagged a LockBit Black ransomware campaign with message volume and delivery cadence not seen in malspam since Emotet.
Security brief: https://ow.ly/IcP550RELRF
The unusually high-volume campaign was observed sending millions of emails, facilitated by the Phorpiex botnet.
We have not attributed this campaign to a known threat actor. #LockBitBlack (aka LockBit 3.0) is based on the LockBit ransomware builder leaked in September 2022, which allows anyone to adopt the #LockBit configuration for customized versions.
The messages, which were sent for about a week beginning April 24, 2024, were from “Jenny Green” Jenny@gsd[.]com and contained an attached ZIP file with an executable (.exe).
If the LockBit Black sample is detonated on the end user’s system, it exhibits data theft behavior and seizes the system, encrypting files and terminating services.
This is a prime example of the recurring and significant shifts in the tactics, techniques, and procedures (TTPs) used by threat actors in today's evolving threat landscape.
Read the full security brief for more campaign details, ET Sigs and IOCs.
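A mail-triage check for the delivery pattern described above (the reported sender plus a ZIP attachment holding an executable), added here as an example and not taken from Proofpoint's brief. The extension list, function names, file names and sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Sender as published (defanged) in the post; refanged only for comparison.
REPORTED_SENDER = "jenny@gsd[.]com".replace("[.]", ".")
# Assumed list of directly runnable Windows extensions (not from the brief).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")


def zip_executables(data: bytes) -> list:
    """List executable member names; reads the directory only, extracts nothing."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def triage(raw: bytes) -> dict:
    """Report whether the sender matches and which ZIP attachments hold executables."""
    msg = message_from_bytes(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].addr_spec.lower() if addrs else ""
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Judge by content, not filename or MIME type: ZIP data starts with "PK".
        if payload[:2] == b"PK":
            hits += [(part.get_filename(), m) for m in zip_executables(payload)]
    return {"sender_match": sender == REPORTED_SENDER, "zip_executables": hits}


def build_sample() -> bytes:
    """Constructed message shaped like the description; the payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Document.exe", b"constructed placeholder, not a binary")
    msg = EmailMessage()
    msg["From"] = f"Jenny Green <{REPORTED_SENDER}>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

Treat the sender match as a weak signal, since the From header is easily changed; the ZIP-with-executable finding is the one to quarantine on.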