Spain's National Police has warned architecture firms across the country about an ongoing, highly sophisticated LockBit Locker ransomware campaign, according to BleepingComputer.
The attackers send phishing emails purporting to come from a new photography store seeking renovation plans and cost estimates, using the exchange to build rapport with their targets, who later receive an archive with files detailing the renovation's specifics, said the National Police of Spain. The archive is a disk image file; opening it in later Windows versions mounts it as a drive letter and shows its contents, which include a folder with Python and batch files and executables, as well as a Windows shortcut that runs a malicious Python script.
On devices where the user is an admin, the script establishes persistence and then executes the LockBit Locker ransomware; on devices where the user is not an admin, a FodHelper UAC bypass is used to deploy the encryptor.
BleepingComputer suspects that threat actors using the leaked LockBit 3.0 ransomware builder are behind the campaign.
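Detection logic for the FodHelper step described above, as an added example that is not from the police advisory or BleepingComputer: it flags process-creation events where fodhelper.exe is started by a script host or spawns an elevated child. The field names follow Sysmon Event ID 1; the host names, paths and script-host list are constructed assumptions.

```python
from ntpath import basename  # parses Windows paths on any OS

# Parents with no routine reason to start fodhelper.exe (assumed list; tune per environment).
SCRIPT_HOSTS = {"python.exe", "pythonw.exe", "cmd.exe", "powershell.exe", "wscript.exe"}


def find_fodhelper_abuse(events):
    """Return (computer, rule, path) findings from process-creation events.

    Each event is a dict with Sysmon Event ID 1 style fields:
    Computer, Image, ParentImage, IntegrityLevel.
    """
    findings = []
    for ev in events:
        image = basename(ev["Image"]).lower()
        parent = basename(ev["ParentImage"]).lower()
        # Rule 1: fodhelper.exe launched by a script host rather than by the user's shell.
        if image == "fodhelper.exe" and parent in SCRIPT_HOSTS:
            findings.append((ev["Computer"], "scripted_fodhelper_launch", ev["ParentImage"]))
        # Rule 2: fodhelper.exe auto-elevates, so a child it spawns at high
        # integrity ran without a consent prompt for a non-elevated user.
        if parent == "fodhelper.exe" and ev.get("IntegrityLevel") in ("High", "System"):
            findings.append((ev["Computer"], "elevated_child_of_fodhelper", ev["Image"]))
    return findings


# Constructed sample events (not taken from the campaign).
# D:\ stands in for a mounted disk image; all names are placeholders.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "IntegrityLevel": "Medium"},
    {"Computer": "WS-01", "Image": r"D:\plans\python.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "Medium"},
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\fodhelper.exe",
     "ParentImage": r"D:\plans\python.exe", "IntegrityLevel": "High"},
    {"Computer": "WS-01", "Image": r"D:\plans\sample.exe",
     "ParentImage": r"C:\Windows\System32\fodhelper.exe", "IntegrityLevel": "High"},
    # Benign: a user opening optional-features settings from the shell.
    {"Computer": "WS-02", "Image": r"C:\Windows\System32\fodhelper.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "High"},
]

if __name__ == "__main__":
    for finding in find_fodhelper_abuse(SAMPLE_EVENTS):
        print(finding)
```

Both rules firing on the same host within a short window is a stronger signal than either alone.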
Ransomware
Ongoing LockBit Locker ransomware campaign reported in Spain