Ransomware Group

3AM

Also known as: ThreeAM

Status: active • First seen 2023-0950+ known victims

3AM is a backup ransomware that hackers use when their first choice gets blocked by security software. It is written in Rust, a programming language that makes it harder for antivirus to detect.

Overview

3AM is a Rust-based ransomware that was observed being deployed as a fallback when LockBit was blocked. This suggests sophisticated operators who maintain multiple ransomware variants.

Target Industries

Healthcare, Technology, Manufacturing, Professional Services

How They Attack

  • LockBit fallback deployment
  • Rust-based payload
  • Double extortion
  • Service termination

Notable Victims

Healthcare networks (2023), Technology firms

Is your business exposed?

How to Protect Against 3AM

  1. 1.

    Deploy multi-layered ransomware detection

  2. 2.

    Monitor for Rust malware signatures

  3. 3.

    Implement network isolation capabilities

MITRE ATT&CK Techniques

T1486, T1489, T1490, T1059

Related Groups

Lockbit

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices