New Ransomware called ‘Lilith’ posts its first victim

A new ransomware operation called ‘Lilith’ has already posted its first victim on a data leak site created to support double-extortion attacks.

Lilith is C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows. Amongst the ransomware operations launching today, Lilith performs double extortion attacks, which is when the hackers steal data before encrypting devices.

According to a report by researchers at Cyble who analyzed Lilith, the new family doesn’t introduce any novelties. However, it’s one of the latest threats to watch out for, along with RedAlert and omega that also recently emerged.

“Upon execution, Lilith attempts to terminate processes that match entries on a hardcoded list, including Outlook, SQL, Thunderbird, Steam, PowerPoint, WordPad, Firefox, and more. This frees up valuable files from applications that may be using them at the moment, thus making them available for encryption,” a source as per Bleeping Computer.

Before the encryption process is initiated, Lilith creates and drops ransom notes on all the enumerated folders.

The notes give the victims three days to contact the ransomware actors on the provided Tox chat address, or they are threatened with public data exposure.