The New Jersey Cybersecurity and Communications Integration Cell has warned that the Phorpiex botnet has been used since April to send millions of phishing emails as part of a large-scale LockBit Black ransomware campaign, reports BleepingComputer.
The campaign uses ZIP attachments with an executable that deploys LockBit Black, encrypting victims' systems. These emails, using aliases like "Jenny Brown" or "Jenny Green," originate from over 1,500 unique IP addresses around the world.
The attack begins when targets open the malicious ZIP and execute the binary it contains, which downloads and runs the ransomware. The ransomware will then attempt to close services, encrypt files, and steal sensitive data.
The campaign is notable for its volume despite its lack of sophistication, with targets belonging to various industries globally. The Phorpiex botnet has been active for over a decade and was previously known for sextortion emails and cryptocurrency theft, but is seeing new use in this campaign.
To protect against the threat, NJCCIC advises using ransomware mitigation strategies, endpoint security solutions, and email filtering to block malicious messages.
