NotLockBit: A Deep Dive Into the New Ransomware Threat
Dec. 19, 2024, 1:39 p.m.
Description
NotLockBit is an emerging ransomware family that mimics LockBit's behavior while targeting both macOS and Windows systems. Distributed as an x86_64 Go binary, it showcases advanced capabilities including targeted file encryption, data exfiltration, and self-deletion mechanisms. The malware gathers system information, generates and encrypts a master key, and writes collected data to text files. It uses AWS credentials for data exfiltration, encrypts specific file types with AES while avoiding certain directories, alters the desktop wallpaper, and deletes itself after execution. The analysis reveals variations in obfuscation and compilation techniques across samples, highlighting its sophistication and evolving nature in the ransomware landscape.
Date
Published: Dec. 19, 2024, 12:57 p.m.
Created: Dec. 19, 2024, 12:57 p.m.
Modified: Dec. 19, 2024, 1:39 p.m.
Indicators
Attack Patterns
NotLockBit