A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks.
Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows. Like most ransomware operations launching today, Lilith performs double-extortion attacks, in which the threat actors steal data before encrypting devices.
According to a report by researchers at Cyble who analyzed Lilith, the new family doesn't introduce any novelties. However, it's one of the latest threats to watch out for, along with RedAlert and 0mega, which also emerged recently.
A look at Lilith
Upon execution, Lilith attempts to terminate processes that match entries on a hardcoded list, including Outlook, SQL, Thunderbird, Steam, PowerPoint, WordPad, Firefox, and more.
This frees up valuable files from applications that may be using them at the moment, thus making them available for encryption.
Before the encryption process is initiated, Lilith creates and drops ransom notes in all the enumerated folders.
The note gives the victims three days to contact the ransomware actors on the provided Tox chat address, or they are threatened with public data exposure.
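Because the notes are written to every enumerated folder before encryption starts, a burst of identically named files created by one process across many directories is an early signal defenders can alert on. The following detection sketch is an added example, not code from the article or from Cyble's report; the event format, thresholds, PIDs, paths and the note file name are constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename, dirname  # parses Windows-style paths on any OS

# Constructed sample file-creation events: (epoch_seconds, pid, path).
# All names, PIDs and paths are invented; the note name is a placeholder.
SAMPLE_EVENTS = [
    (1000, 4120, r"C:\Users\a\Documents\RANSOM_NOTE_PLACEHOLDER.txt"),
    (1001, 4120, r"C:\Users\a\Desktop\RANSOM_NOTE_PLACEHOLDER.txt"),
    (1001, 4120, r"C:\Users\a\Pictures\RANSOM_NOTE_PLACEHOLDER.txt"),
    (1002, 4120, r"C:\Users\a\Music\RANSOM_NOTE_PLACEHOLDER.txt"),
    (1003, 4120, r"C:\Shares\finance\RANSOM_NOTE_PLACEHOLDER.txt"),
    (1003, 4120, r"C:\Shares\hr\RANSOM_NOTE_PLACEHOLDER.txt"),
    # Benign: an editor saving differently named files in one folder.
    (1004, 2200, r"C:\Users\a\Documents\report.docx"),
    (1005, 2200, r"C:\Users\a\Documents\notes.txt"),
    # Benign: same name in several folders, but spread over hours.
    (2000, 3300, r"C:\proj\a\desktop.ini"),
    (9000, 3300, r"C:\proj\b\desktop.ini"),
    (16000, 3300, r"C:\proj\c\desktop.ini"),
]

def find_note_bursts(events, min_dirs=5, window=60):
    """Return [(pid, file_name, distinct_dirs)] where one process created the
    same file name in at least min_dirs directories within window seconds."""
    by_key = defaultdict(list)
    for ts, pid, path in events:
        key = (pid, basename(path).lower())
        by_key[key].append((ts, dirname(path).lower()))
    hits = []
    for (pid, name), items in by_key.items():
        items.sort()
        start, best = 0, 0
        for end in range(len(items)):
            # Slide the left edge until the span fits inside the window.
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in items[start:end + 1]}))
        if best >= min_dirs:
            hits.append((pid, name, best))
    return sorted(hits)

if __name__ == "__main__":
    for pid, name, n in find_note_bursts(SAMPLE_EVENTS):
        print(f"pid {pid} wrote {name!r} into {n} directories in a burst")
```

In practice the events would come from file-creation telemetry such as Sysmon Event ID 11, and the thresholds need tuning against installers and sync clients that legitimately write the same file name into many folders.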