When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM' Ransomware

silversurfer

In a recent attack against a construction company, hackers who failed to execute LockBit in a target network were observed deploying a second, never-before-seen ransomware, which managed to break through.

The new tool is rather standard fare, blocking various cybersecurity and backup-related software before locking up files on its host computer. But it distinguishes itself with an adorable little theme: 3 a.m., a time when perhaps only insomniacs, hardcore night owls, and black hat hackers are still up and working away.

In a report this week, researchers from Symantec described the first observed use of 3AM — a double-whammy attack in which the LockBit ransomware was blocked but then 3AM squeaked through in one compromised machine.

"This is not the first time we've seen attackers use more than one ransomware family," warns Dick O'Brien, principal intelligence analyst for the Symantec threat hunter team. "Organizations should expect this to happen."
 
