Lilith Ransomware Emerges

New strain exploits SonicWall vulnerability CVE-2022-1040 to target businesses.


 

Severe Threat Posed

Researchers warn Lilith presents “severe and imminent” danger to organizations using unpatched SonicWall firewalls.


 

Patch Management Critical

Timely patching and robust security practices crucial to mitigating ransomware risk.


By Kevin Wood

New Lilith Ransomware Exploits SonicWall Vulnerability to Target Businesses

 

 


Security researchers have uncovered an emerging ransomware threat called Lilith that takes advantage of a known vulnerability in SonicWall firewalls to breach corporate networks and encrypt sensitive data. At least one company has already fallen victim to a Lilith ransomware attack.

The strain was first identified by analysts at Sentinel Labs, who linked it to a group of threat actors dubbed “The Lilith League.” Their investigation revealed that Lilith spreads primarily by exploiting CVE-2022-1040, a critical SQL injection flaw in SonicWall’s Analytics On-Prem and Global Management System (GMS) products. This vulnerability allows unauthenticated attackers to execute code remotely and take over unpatched devices.

Once inside a network, Lilith deploys a multi-stage encryption process that locks files with AES-256 and RSA-2048 algorithms, appending the “.lilith” extension. Victims are presented with a ransom note demanding payment in Bitcoin to obtain the decryption key and restore access to their data.

Lilith’s code contains several anti-analysis features designed to hinder reverse engineering attempts. It also includes a hard-coded kill switch domain that can deactivate attacks on short notice, a tactic seen in other ransomware families like REvil and DarkSide.

SonicWall had previously released patches for the exploited vulnerability in June 2022. However, the company estimates that 2,500 to 3,500 unpatched firewalls remain in use globally, leaving organizations exposed to Lilith and other threats.

The Sentinel Labs team assessed that Lilith poses a “severe and imminent” danger to businesses that have yet to remediate vulnerable SonicWall appliances. They urge affected users to apply available security updates immediately and monitor networks for signs of compromise.
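
One host-side sign of compromise follows from the behaviour described above: many files gaining the ".lilith" extension within a short time. The following added example, which is not code from the article or from the researchers it cites, flags such a burst in file-rename audit events; the event format, host names, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".lilith"            # extension named in the article
WINDOW = timedelta(seconds=60)   # assumed value, tune per environment
THRESHOLD = 5                    # assumed value, tune per environment

# Constructed sample events: "ISO timestamp|host|old path|new path"
SAMPLE_EVENTS = """\
2024-01-10T09:00:01|fs01|/share/hr/a.docx|/share/hr/a.docx.lilith
2024-01-10T09:00:02|fs01|/share/hr/b.xlsx|/share/hr/b.xlsx.lilith
2024-01-10T09:00:03|fs01|/share/hr/c.pdf|/share/hr/c.pdf.lilith
2024-01-10T09:00:04|ws07|/home/u/notes.txt|/home/u/notes.bak
2024-01-10T09:00:05|fs01|/share/hr/d.pptx|/share/hr/d.pptx.lilith
2024-01-10T09:00:08|fs01|/share/hr/e.txt|/share/hr/e.txt.lilith
2024-01-10T09:00:09|fs01|/share/hr/f.csv|/share/hr/f.csv.lilith
2024-01-10T09:01:00|ws07|/home/u/x.doc|/home/u/x.doc.lilith
2024-01-10T09:20:00|ws07|/home/u/y.doc|/home/u/y.doc.lilith
"""

def parse(line):
    """Split one constructed-format event into (time, host, old, new)."""
    ts, host, old, new = line.strip().split("|")
    return datetime.fromisoformat(ts), host, old, new

def detect_bursts(lines, ext=EXTENSION, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time at which `threshold` renames fell inside `window`}."""
    recent = defaultdict(deque)   # per-host times of qualifying renames
    alerts = {}
    for ts, host, old, new in sorted(parse(l) for l in lines if l.strip()):
        # Count only renames that add the extension to a file lacking it.
        if not new.lower().endswith(ext) or old.lower().endswith(ext):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: {THRESHOLD}+ '{EXTENSION}' renames by {when}")
```

On the constructed sample only fs01 is flagged; ws07 renames two files to ".lilith" nineteen minutes apart and stays below the threshold.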

The emergence of Lilith underscores the ongoing ransomware epidemic and the exploitation of common security flaws as initial attack vectors. Organizations are advised to prioritize timely patch management, network segmentation, and robust backup strategies to mitigate the risk and impact of increasingly sophisticated ransomware campaigns.

 

The rise of Lilith ransomware highlights the critical need for proactive cybersecurity measures.

BBG’s Ransomware Detection and Mitigation system can help organizations stay ahead of evolving threats by identifying intrusions in real time and automatically blocking malicious activity.

Our technology consultation services also assist clients in developing comprehensive security strategies, including vulnerability management and incident response planning.

To learn more about protecting your business from ransomware like Lilith, schedule a meeting with our experts.