Symantec specialists have discovered a new family of ransomware called 3am, which was unveiled in a recent incident where an unidentified hacker attempted to install LockBit Mr. in a target network but failed.
According to the Symantec Threat Hunter Team, 3am is a completely new and harmful family of ransomware that is written in Rust. The carrier program first tries to disable several services on an infected computer before it starts encrypting files. Once the encryption is complete, 3am proceeds to delete the volume shadow copies (VSS) of the system.
Volume Shadow Copy (VSS) is often used in backup and data restoration solutions such as Windows Backup and corporate storage systems, as it allows users to restore their system or files to a previous state. By deleting these shadow copies, cybercriminals make the process of data restoration without paying the ransom much more complicated. This tactic is commonly employed by ransomware creators to increase the likelihood that victims will be compelled to pay for the decryption of their files.