• About
  • Subscribe
  • Contact
Friday, June 20, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home Process

Leaked source code used to launch a new type of ransomware

FutureCISO Editors by FutureCISO Editors
November 21, 2023
Image by Michael Treu from Pixabay

Image by Michael Treu from Pixabay

Share on FacebookShare on Twitter

Sophos X-Ops discovered that multiple malicious players have been taking advantage of a leaked source code from LockBit 3.0 to launch ransomware attacks. The group uncovered a ransomware note from a group that dubbed themselves “BlackDogs 2023”.

After Sophos X-Ops investigated an unsuccessful cyber attack against a customer, they discovered that the malicious players tried exploiting an old, unsupported server. This will allow the attackers to deploy the ransomware after gaining access to the company’s Windows servers. Sophos blocked the attack while Sophos X-Ops intercepted a ransom note requesting around USD 30,000 to recover data.

Second incident

Sean Gallagher, principal threat researcher, at Sophos, said that this is the second, recent incident of threat actors attempting to use the leaked LockBit source code to create new variants of ransomware. 

 “The first instance involved attackers taking advantage of a vulnerability in Progress Software’s WS_FTP Server software. Now, copycats are looking to take advantage of outdated and unsupported Adobe ColdFusion servers. It’s entirely possible that other copycats will emerge, which is why it’s essential for organisations to prioritize patching and upgrading from unsupported software whenever possible. However, it’s important to note that patching only closes the hole. With things like unprotected ColdFusion servers and WS_FTP, companies need to also check to make sure none of their servers are already compromised, otherwise, they’re still at risk of these attacks,” Gallagher added.

Related:  PodChats for FutureCISO: The business value of DMARC
Tags: LockBitransomwareSophos
FutureCISO Editors

FutureCISO Editors

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl