3AM

Description

(Symantec) A new ransomware family calling itself 3AM has emerged. To date, the ransomware has only been used in a limited fashion. Symantec’s Threat Hunter Team, part of Broadcom, has seen it used in a single attack by a ransomware affiliate that attempted to deploy LockBit on a target’s network and then switched to 3AM when LockBit was blocked.

3AM is written in Rust and appears to be a completely new malware family. The ransomware attempts to stop multiple services on the infected computer before it begins encrypting files. Once encryption is complete, it attempts to delete Volume Shadow (VSS) copies. It is still unclear whether its authors have any links to known cybercrime organizations.

Names

Name
3AM

Type

Ransomware
Big Game Hunting

Information

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit

Other Information

Uuid

edd78e6e-9ac3-4a71-a2fc-5e47c8aa3fd8

Last Card Change

2023-10-12

Threat Intelligence Garden

Explorer

3AM

3AM

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks