Researchers discover new Lilith ransomware

A new ransomware operation has been launched under the name “Lilith.” The ransomware was discovered by JAMESWT. Lilith is a C/C++ console-based ransomware designed for 64-bit versions of Windows. The ransomware operation engage in double extortion attacks.

The analysis of Cyble researchers shows that before encryption process is initiated, Lilith creates and drops ransom notes on all the enumerated folders. The note threatens victims with public data exposure and gives them three days to contact the ransomware operators.

Once executed, Lilith will attempt to terminate processes that match entries on a hard-coded list, including Outlook, SQL, Thunderbird, Steam, PowerPoint, WordPad, Firefox, and more. Doing this free up valuable files from applications they are now likely to use, making them available for encryption.

Files excluded from encryption include EXE, DLL and SYS. Program files, web browsers and the folders in the recycle bin are also bypassed.

The researchers also noted that Lilith contains an exclusion for “ecdh_pub _k.bin,” which stores the local public key for BABUK ransomware infections. According to researchers, this could be a leftover from copied code, which could be an indication of a connection between the two ransomware strains.

The ransomware appends the “.lilith” file extension when files are encrypted, and the encryption takes place via the cryptographic API of Windows. The CryptoGenRandom function of Windows generates the random key.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web