Organizations have been alerted to the existence of three new ransomware families called Lilith, RedAlert, and 0mega by security experts at threat intelligence company Cyble.
Written in C/C++ and designed for 64-bit Windows computers, Lilith encrypts files and adds the “.lilith” extension before dropping a ransom note on the machine requesting money. To commit double extortion, ransomware operators also take victim data. When the ransomware is performed on a victim’s computer, it looks for a hardcoded list of processes and kills those that are still active in order to gain access to the files that will be encrypted.
Processes for Outlook, Thunderbird, Firefox, SQL, Steam, and other programs are among the targeted ones.