Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Millions of phishing emails sent through botnet to push LockBit ransomware

An abstract image of a lock against a digital background, denoting cybersecurity.

Hackers are, once again, pushing out the LockBit ransomware, but this time around, some have been spotted using an old and widely available phishing platform called Phorpiex.

Researchers from Proofpoint, who have been observing the campaign since late April 2024, noted an unidentified LockBit affiliate has been using the Phorpiex phishing kit to deliver LockBit Black (also known as LockBit 3.0) to as many endpoints as possible. 

The campaign doesn’t seem to be particularly targeted, or personalized - the attackers are casting a wide net and are just looking at what catches on.

Malicious intent

The campaign also seems to be lacking personalization in terms of the phishing email itself. Proofpoint says all of the emails are going out from the same address - Jenny@gsd[.]com - the same address that was seen in malware campaigns as early as January 2023. In the body of the email, the victim is told to view the document in the attachment, and nothing more. 

The attachment is a .ZIP archive with a .EXE file that, if triggered, drops LockBit 3.0. Interestingly enough, the ransomware locks the device down locally, and does not try to worm itself through any networks. This might limit its encryption potential, but also prevents any network detections and blocks. 

LockBit is a known ransomware-as-a-service, with different versions circulating around the darknet. Among the most popular versions are LockBit 2.0 and LockBit Green. This version, LockBit 3.0 (LockBit Black) was allegedly created in early summer of 2022, by some of the ransomware’s affiliates. 

Earlier this year, a team of international law enforcement agencies engaged in a major campaign that disrupted LockBit’s infrastructure, seized many devices and plenty of cryptocurrencies extorted over the years - but since no arrests were made, LockBit re-emerged roughly a week later. 

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.