Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data

NetmanageIT OpenCTI - opencti.netmanageit.com

Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data



SUMMARY :

This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to track and report malicious activity. The ransomware attempted to disguise itself as LockBit ransomware, likely to leverage its notoriety and pressurize victims, though no connection to LockBit's operators was found.

OPENCTI LABELS :

ransomware,golang,aws,data-exfiltration,lockbit-imitation


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data