BlackBit Ransomware Being Distributed in Korea

AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the BlackBit ransomware disguised as svchost.exe during the team’s monitoring. According to the ASEC’s internal infrastructure, the BlackBit ransomware has been continuously distributed since September last year. The ransomware uses .NET Reactor to obfuscate its code, likely to deter analysis. It is possible to observe similar characteristics between the functioning ransomware and the LokiLocker ransomware. The BlackBit ransomware goes through the following preparations before performing its encryption process….