On Tuesday 12th of July 2022, researchers at Cyble released a report revealing a series of new ransomware operations, including the ‘Lilith’ ransomware operation, which has already posted its first victim on a data leak site. According to the Cyble researchers' analysis, Lilith is a console-based ransomware written in C/C++ and designed for 64-bit versions of Windows.
The operation seems to follow the current trends of most active ransomware operations, including the use of double-extortion tactics. The analysis determined that the operation has not yet introduced anything novel. It also found that the Lilith ransomware code has remnants of the leaked BABUK code: the ransomware contains an exclusion for “ecdh_pub_k.bin”, the file used to store the local public key of BABUK ransomware infections.
The first victim of the Lilith ransomware operation was a large construction group based in South America, although the posting has recently been removed.