New SolidBit strain targeted gamers and social media users

August 12, 2022

A new variant of the SolidBit ransomware is circulating in the cybercriminal landscape, targeting gamers and social media users online.

Based on reports, the new ransomware variant is uploaded to GitHub and propagated by impersonating legitimate applications to bait targets. Most of the impersonated applications relate to well-known games, such as a League of Legends account checker.

Once an unaware user launches the application, it immediately runs malicious PowerShell code that drops the SolidBit ransomware. Another file that contains the ransomware is coded as source code. However, the ransomware appears to be different from the compiled binary.

SolidBit also includes a .NET binary before encryption.

After analysing SolidBit, the researchers noticed that the ransomware checks for specific files and directories and avoids them if they are found on the targeted system. The ransomware variant utilises a 256-bit AES algorithm for encryption.

Subsequently, SolidBit attaches the .SolidBit file extension to the encrypted files and alters their file icons. This ransomware strain also obstructs 42 services and removes shadow copies and backup catalogues during infection.
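For defenders, the behaviours described above (files gaining the .SolidBit extension, alongside removal of shadow copies and backup catalogues and stopping of services) can be correlated per host in endpoint telemetry. The following is an added example, not code from the original report or the researchers: the event format, host names and sample events are constructed, and the command patterns are common Windows utilities for those actions, assumed here because the article does not say which commands SolidBit runs.

```python
import re
from collections import Counter, defaultdict

# Extension the article says is appended to encrypted files.
ENCRYPTED_EXT = ".solidbit"
# Assumption: common Windows utilities for the actions the article names.
# The article does not state which commands SolidBit itself uses.
COMMAND_PATTERNS = {
    "shadow_copy_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_catalog_delete": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "service_stop": re.compile(r"\b(net|sc)(\.exe)?\s+stop\s+\S+", re.I),
}
# Constructed sample events (simplified process/file telemetry), not real logs.
SAMPLE_EVENTS = [
    {"host": "pc-01", "type": "process_create", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "pc-01", "type": "process_create", "cmdline": "wbadmin delete catalog -quiet"},
    {"host": "pc-01", "type": "process_create", "cmdline": "net stop ExampleBackupSvc"},
    {"host": "pc-01", "type": "file_create", "path": r"C:\Users\a\Documents\notes.txt.SolidBit"},
    {"host": "pc-01", "type": "file_create", "path": r"C:\Users\a\Documents\plan.docx.SolidBit"},
    {"host": "pc-01", "type": "file_create", "path": r"C:\Users\a\Pictures\cat.png.SolidBit"},
    {"host": "pc-02", "type": "process_create", "cmdline": "net stop spooler"},
    {"host": "pc-02", "type": "file_create", "path": r"C:\Users\b\report.docx"},
]

def triage(events, min_files=3):
    """Alert on hosts with .SolidBit files AND recovery-inhibiting commands."""
    files, cmds = Counter(), defaultdict(Counter)
    for ev in events:
        if ev["type"] == "file_create" and ev["path"].lower().endswith(ENCRYPTED_EXT):
            files[ev["host"]] += 1
        elif ev["type"] == "process_create":
            for name, pat in COMMAND_PATTERNS.items():
                if pat.search(ev["cmdline"]):
                    cmds[ev["host"]][name] += 1
    report = {}
    for host in sorted({ev["host"] for ev in events}):
        c = cmds[host]
        # A lone service stop is routine admin noise; require backup tampering.
        inhibits = c["shadow_copy_delete"] + c["backup_catalog_delete"] > 0
        report[host] = {"encrypted_files": files[host], "commands": dict(c),
                        "alert": files[host] >= min_files and inhibits}
    return report

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, result)
```

Requiring both signals keeps a routine `net stop` on an otherwise clean host (pc-02 in the sample) from raising an alert.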

SolidBit might have several similarities with LockBit ransomware. Several analysts drew these assumptions from the formatting style of the chat support websites and the file names of the dropped ransom notes.

However, several researchers insisted that the ransomware duplicates Chaos ransomware. Hence, the ransomware’s operators may currently be under the management of the original authors of Chaos ransomware. It may also have been modified from some features of the Chaos builder and later rebranded to what it is today.

Numerous threat actors are now inclined to use malicious applications to spread ransomware. Some of these entities also posted job offers on underground forums to recruit potential affiliates for ransomware-as-a-service activities.

Experts said that these ransomware operators would likely expand their attack landscape in the future by employing multiple tactics in their arsenal. Their current strategy against gamers and social media users also poses a significant threat to millions of targets who are not well-equipped with security knowledge.
