Affiliates of the LockBit Ransomware-as-a-Service gang are using the Amadey Bot to install the LockBit 3.0 ransomware payload on target systems. First discovered in 2018, the Amadey Bot is capable of exfiltrating data and installing second-stage payloads by receiving instructions from its Command-and-Control (C2) server. It has previously been deployed by the cybercriminal group TA505, an adversary known for deploying Clop ransomware, to install the FlawedAmmyy remote access trojan.

