Summary: ThreeAM ransomware has been actively attacking small and medium companies, encrypting their data and demanding ransom. The ransomware is linked to ex-Conti members' R&D and uses X/Twitter bots and Rust language for ransomware. It targets US businesses, especially small to medium enterprises, erases Volume Shadow copies, and appends '.ThreeAMtime' extension to encrypted files. The ransomware's infrastructure shows commonalities and links to other malware. The operators run a name-and-shame blog on TOR for double extortion. Proactive security measures are necessary to counter such threats.
Hashtags: #ThreeAMransomware #cybersecuritynews #ransomware