
NotLockBit: A Deep Dive Into the New Ransomware Threat

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

NotLockBit is an emerging ransomware family that mimics LockBit's behavior while targeting both macOS and Windows systems. Distributed as an x86_64 Go binary, it has advanced capabilities including targeted file encryption, data exfiltration, and self-deletion. The malware gathers system information, generates and encrypts a master key, and writes the collected data to text files. It uses AWS credentials for data exfiltration, encrypts specific file types while avoiding certain directories, and employs AES encryption. NotLockBit alters the desktop wallpaper and deletes itself after execution. The analysis reveals variations in obfuscation and compilation techniques across samples, highlighting the family's sophistication and continuing evolution in the ransomware landscape.

OPENCTI LABELS:

ransomware,golang,encryption,cross-platform,data-exfiltration,notlockbit,aws-abuse,self-deletion


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.



NotLockBit: A Deep Dive Into the New Ransomware Threat