A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deliver LockBit (attributed to Bitwise Spider or Syrphid) in the target network.
“3AM is written in Rust and appears to be a completely new malware family,” the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
“The ransomware attempts to stop multiple services on the infected computer before it begins encrypting files. Once encryption is complete, it attempts to delete Volume Shadow (VSS) copies.”
3AM gets its name from the fact that it’s referenced in the ransom note. It also appends encrypted files with the extension .threeamtime. That said, it’s currently not known if the malware authors have any connections with known e-crime groups.