3am, also known as ThreeAM, is a ransomware group that emerged in mid-August 2023. The group notably operates as a fallback option, deployed when initial attempts by affiliates to use other ransomware strains, such as LockBit, have failed. While not a direct successor, 3am ransomware has been linked to BlackSuit and Royal ransomware, and is assessed with moderate confidence to be connected to core teams of the disbanded Conti syndicate. The group's primary motivation is financial, operating under a double extortion model where victim data is exfiltrated and then encrypted, with threats of public release if ransom demands are not met. A distinguishing characteristic of 3am is that its ransomware executable is written in Rust, which is uncommon among ransomware families and provides performance benefits. Furthermore, the group has been observed using an outdated PHP script, Yugeon Web Clicks v0.1 from 2004, to monitor activity on their dark web leak site, a tactic that suggests an attemp

Paises afectados

Sectores atacados

URLs nuevas detectadas en IntelTracker