New 3AM ransomware

Security analysts from Intrinsic discovered a new ransomware variant called 3AM that targets small and medium-sized businesses (SMBs). 3AM uses X/Twitter bots and the Rust language–a less complex but effective strategy, it appears to be unrelated to any known ransomware family, making it a completely new malware.

Before starting to encrypt files, 3AM tries to stop multiple services running on the infected system for various security and backup products from vendors like Veeam, Acronis, Ivanti, McAfee, or Symantec.

Once the encryption process completes, files have the .THREEAMTIME extension and the malware also attempts to delete Volume Shadow copies that could be used to recover the data.