If LockBit hasn’t seen enough news, Bleeping computer is reporting that a Botnet who has been around for at least a decade is now sending out messages with LockBit zip attachments.
These are Phishing emails with subject lines that may include “Your Document” and “photo of you” or any type of variation.
This is using the 3.0 version of Lock Bit and is being sent out through Phorpiex botnet. This is the botnet that has been around for a decade, and has been also known to send sextortion messages out too.
The name of the person who appears to send the email is named Jenny Green.
According to Jaws and their Picture Smart AI, the file in one example is document.zip and of course as the article states, contains an executable. Here’s what picture smart says about it both from Claud, (Microsoft) and Chat GPT (Open AI) for you to compare what is going on here in the image.
Claude
The image appears to be a screenshot of an email client or messaging application. The main part of the window displays an email or message from someone named Jenny Green with the email address . The subject line reads “Your Document”.
The message body states “Hello, you can find your document in the attachment.” It also says “Please reply as soon as possible.” and is signed “Best regards, NKL Support.”
Attached to the email is a compressed file named “Document.zip” with a size of 92 KB.
The interface has various icons and menus typical of an email or messaging application, such as options to navigate between messages, attachments, address fields, and what seems to be a search or help option in the top right corner.
ChatGPT
The image shows a screenshot of an email interface. At the top, there are tabs labeled “FILE” and “MESSAGE,” indicating the functions or sections of the email program. The screenshot includes the details of an email received on Thursday, 12/21/2023 at 8:54 AM from Jenny Green, whose email address is partially visible as
. The subject of the email is “Your Document.” The main body of the email contains a brief message. It reads:
“Hello, you can find your document in the attachment.
Please reply as soon as possible.
Best regards, NKL Support.”
There is an attachment to the email named “Document.zip” which is 92 KB in size. Below the message, there’s a footnote with a link to “See more about Jenny Green,” indicating that additional information about the sender is accessible.
The interface has an icon suggesting that there’s an option to reply to the email (represented by two silhouetted heads and arrows). The graphic elements, layout, and icons present resemble that of a typical email client used for communication in professional or personal contexts.
It’s important to note that this appears to be a standard business email, but users should always exercise caution with email attachments, especially from unknown senders, as they can potentially contain harmful files like viruses or malware.
The ransomware note may be of value, and Jaws picture smart will describe these.
Claude
The image appears to be a text file opened in a text editor called “Notepad2”. The contents of the file indicate that it is a ransom note from cybercriminals who have encrypted the user’s files using malware.
The message states “ALL YOUR FILES ARE ENCRYPTED !!!” and warns the user that they cannot restore the files without the decryptor provided by the attackers. It advises against trying to use public tools to decrypt the files, as that could damage them permanently.
To prove their decryptor works, the attackers offer to decrypt one file for free if contacted. They provide instructions to download a messaging app called TOX and add a specific ID to communicate with them.
The tone of the message is threatening, pressuring the user to pay the ransom demand to regain access to their encrypted files. However, I cannot recommend engaging with these cybercriminals, as that would encourage further criminal activities.
ChatGPT
The image shows a text file opened in Notepad2, which appears to be a ransom note commonly associated with a ransomware attack. The note contains a message stating that all files on the computer have been encrypted and demands the user to contact the attackers through a secure messaging service to decode one file for free, a common tactic used to prove that the attackers can actually decrypt the files. To facilitate this, a TOX messenger download link and an alphanumeric TOX ID are provided. The intention is to convince the victim to follow the instructions to potentially pay a ransom to regain access to their encrypted files. This type of message is indicative of a serious security breach. If this image is from your own computer, it is crucial to seek professional cybersecurity assistance immediately and not to follow any instructions given in such ransom notes.
It is interesting that both of the models who described the image are saying this, and this is the first time we’ve used this technique to describe the images, especially in text ones. This might be of value for those who are disabled, and we thanks Freedom Scientific for giving us this opportunity to use tools like Picture Smart with these models to see what exactly is going on.
With this said, we’ve talked about this type of thing in the past, and this type of attack is nothing new.
Well before Ransomware, we’ve seen files like this which would deliver viruses and trojans. Don’t be fooled by the fact that you’re seeing this for the first time.
People who have been on the Internet longer may have seen this more than once, in different types of attacks.
As Claud and Chat GPT say, its not recommended to communicate with these folks, and what’s interesting is that for the first time, we can see what someone might be told to use to communicate with someone that could in fact “help you” (in quotes) and this new information was quite interesting.
What do you guys think? Have you seen subject lines like the ones discussed in the article or screen shots and how did you respond?
Botnet sent millions of emails in LockBit Black ransomware campaign is the article coming from Bleeping Computer, and I hope that you get a chance to read it.
Make it a great day!