Wake-Up Call as 3AM Ransomware Variant Is Discovered
Symantec says it was used in a failed LockBit attack
LockBit is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and guidance to defend systems and data.
Search across headline titles and summaries.
Background for this topic.
LockBit is a ransomware family and associated cybercrime operation—not an unrelated product or project—that has been reported in attacks where malware encrypts files on compromised systems and disrupts access. Coverage under this tag includes technical analysis of LockBit variants, reported incidents, infrastructure or law-enforcement disruption, and claims about stolen data or extortion; individual reports may differ in what is verified.
For defenders, the material risks are rapid encryption across reachable systems and possible exposure of data taken before encryption. Priorities include promptly addressing internet-facing vulnerabilities and exposed credentials, restricting lateral movement with segmentation and least privilege, and maintaining tested offline or otherwise isolated backups. Monitor for suspicious administrative activity and mass file changes, preserve logs and affected systems for investigation, and use threat intelligence on LockBit indicators to support containment. A suspected incident requires coordinated isolation, recovery, and assessment of privacy or regulatory obligations rather than assuming that paying restores systems or prevents disclosure.
Symantec says it was used in a failed LockBit attack
Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. [...]
A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deploy LockBit (aka Bitwise Spider or Syrphid) in the target network