BlackBit Ransomware: A Threat from the Shadows of LokiLocker
The BlackBit ransomware, a variant of LokiLocker ransomware, has been identified as a growing threat by the Cyble Research and Intelligence Lab (CRIL). First discovered in September 2022, BlackBit is distributed in Korea and operates on a Ransomware-as-a-Service (RaaS) model. It is a sophisticated strain with capabilities for persistence, defense evasion, and impairing recovery.

The ransomware uses three methods to present payment information to victims: dropping ransom notes, displaying pop-ups when encrypted files are opened, and presenting an HTA page via mshta.exe. BlackBit disables Windows Defender, firewalls, and Task Manager while also terminating processes and services to ensure effective encryption. It continues to monitor the victim's system even after encrypting files, waiting for new files to be created or modified for further encryption.

To prevent ransomware attacks, it is recommended to conduct regular backups, use automatic software updates, employ reputable anti-virus software, and avoid opening untrusted links and email attachments.

Malware: BlackBit, LokiLocker

[View Article](https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/)