{"id":47848,"date":"2022-08-02T00:00:00","date_gmt":"2022-08-02T00:00:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/"},"modified":"2022-08-02T00:00:00","modified_gmt":"2022-08-02T00:00:00","slug":"solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/","title":{"rendered":"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-banner.jpg\"> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.613562970936\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1893143843\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"11.321551724138\">\n<div class=\"article-details\" role=\"heading\" readability=\"42.33275862069\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__description\">This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users. The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service affiliates. 
<\/p>\n<p class=\"article-details__author-by\">By: Nathaniel Morales, Ivan Nicole Chavez, Monte de Jesus, Lala Manly, Nathaniel Gregory Ragasa <time class=\"article-details__date\">August 02, 2022<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"37.58195819582\">\n<div readability=\"20.76897689769\">\n<p>Trend Micro researchers&nbsp;recently analyzed a sample of a new SolidBit <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/definition\/ransomware\" target=\"_blank\" rel=\"noopener\">ransomware<\/a> variant that targets users of popular video games and social media platforms. The malware was uploaded to GitHub, where it is disguised as different applications, including a&nbsp;League of Legends account checker tool (Figure 1) and an Instagram follower bot, to lure in victims.&nbsp;&nbsp;<\/p>\n<p>The League of Legends account checker&nbsp;on GitHub (Figures 2 and 3) is bundled with a file that contains&nbsp;instructions on how to use the tool (Figure 4), but that is the extent of the pretense: It has no graphical user interface (GUI) or any other behavior related to its supposed function. When an unsuspecting victim runs the application, it automatically executes malicious PowerShell code that drops the ransomware. Another file that comes with the ransomware is named \u201cSource code,\u201d but this seems to be different from the compiled binary.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-01.png\" alt=\"Figure 1. 
The icon of one of the malicious applications, named &quot;Rust LoL Accounts Checker&quot; \"><figcaption>Figure 1. The icon of one of the malicious applications, named &#8220;Rust LoL Accounts Checker&#8221; <\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-02.png\" alt=\"Figure 2. The SolidBit ransomware variant masquerading as a League of Legends account checker tool on GitHub \"><figcaption>Figure 2. The SolidBit ransomware variant masquerading as a League of Legends account checker tool on GitHub <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-03.png\" alt=\"Figure 3. Details about the fraudulent League of Legends account checker posted on Github \"><figcaption>Figure 3. Details about the fraudulent League of Legends account checker posted on Github <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-04.png\" alt=\"Figure 4. One of the files bundled with SolidBit\u2019s fraudulent League of Legends account checker on GitHub \u202f \"><figcaption>Figure 4. 
One of the files bundled with SolidBit\u2019s fraudulent League of Legends account checker on GitHub \u202f <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p>Among the files bundled with the account checker, we also found an executable file named <i>Rust LoL Accounts Checker.exe<\/i> (Figure 5) protected by&nbsp;Safengine Shielden, which obfuscates samples and applications to make reverse engineering and analysis more difficult.\u202fWhen this file is executed, an error window appears and claims that debugging tools have been detected (Figure 6), which may be one of the malware\u2019s anti-virtualization and anti-debugging capabilities.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-05.png\" alt=\"Figure 5. File properties of Rust LoL Accounts Checker.exe found using Detect It Easy \"><figcaption>Figure 5. File properties of Rust LoL Accounts Checker.exe found using Detect It Easy <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-06.png\" alt=\"Figure 6. A pop-up window that appears when Rust LoL Accounts Checker.exe is executed \"><figcaption>Figure 6. 
A pop-up window that appears when Rust LoL Accounts Checker.exe is executed <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"47.5\">\n<div readability=\"40\">\n<p>If users click on this executable file, it will drop and execute <i>Lol Checker x64.exe<\/i>, which runs the malicious PowerShell code that drops and executes the SolidBit ransomware. After pivoting on the binary file in VirusTotal and AnyRun, we found that <i>Rust LoL Accounts Checker.exe<\/i> downloads and executes <i>Lol Checker x64.exe<\/i> using the following command:&nbsp;&nbsp;<\/p>\n<p><i>cmd \/c start&nbsp; &quot;&quot; %TEMP%\\LoL Checker x64.exe<\/i><\/p>\n<p>When <i>Lol Checker x64.exe <\/i>is executed, it will begin disabling Windows Defender\u2019s scheduled scans and any real-time scanning of the following folders and file extensions:&nbsp;<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">%UserProfile%,\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">%AppData%,\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">%Temp%,\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">%SystemRoot%,\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">%HomeDrive%,\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">%SystemDrive%\u202f\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.exe\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.dll\u202f&nbsp;<\/span><\/li>\n<\/ul>\n<p>The file disables these scans by using the following PowerShell command:&nbsp;<\/p>\n<p><i>cmd \/c powershell -Command &quot;Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force&quot; &amp; powershell -Command &quot;Add-MpPreference -ExclusionExtension @(&#39;exe&#39;,&#39;dll&#39;) -Force&quot; &amp; exit;\u202f<\/i><\/p>\n<p>After successfully preventing Windows Defender from scanning these directories, the file will drop and execute the 
file <i>Runtime64.exe<\/i>, which our analysis identified as the SolidBit ransomware, using the following command:<\/p>\n<p><i>cmd \/c start&nbsp; &quot;&quot; %TEMP%\\Runtime64.exe<\/i><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p><span class=\"body-subhead-title\">Ransomware analysis of SolidBit\u2019s new variant&nbsp;<\/span><\/p>\n<p>This new version of SolidBit ransomware is a .NET compiled binary (Figure 7). After opening <i>Runtime64.exe <\/i>using the debugger and .NET assembly editor dnSpy, we found that this file was obfuscated. We used a .NET deobfuscator and unpacker tool called de4dot to make the strings readable (Figure 8).&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-07.png\" alt=\"Figure 7. Properties of the binary using Detect It Easy Tool \"><figcaption>Figure 7. Properties of the binary using Detect It Easy Tool <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-08.png\" alt=\"Figure 8. A comparison of the file before (left) and after (right) it was deobfuscated using de4dot \"><figcaption>Figure 8. 
A comparison of the file before (left) and after (right) it was deobfuscated using de4dot <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>The ransomware creates a mutex and will terminate if another copy of itself is found already running on the machine (Figure 9).\u202f&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-09.png\" alt=\"Figure 9. The mutex created by SolidBit ransomware \"><figcaption>Figure 9. The mutex created by SolidBit ransomware <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>It will also create a registry entry under the key \u201c<i>Software\Microsoft\Windows\CurrentVersion\Run<\/i>\u201d with the value \u201cUpdateTask\u201d as its autostart mechanism (Figure 10).\u202f&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-10.png\" alt=\"Figure 10. The registry key for SolidBit\u2019s autostart mechanism \"><figcaption>Figure 10. 
The registry key for SolidBit\u2019s autostart mechanism <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>Prior to encryption, the ransomware will check if the directory is in the root path and avoids the following files and directories, as shown in Figure 11:&nbsp;<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">\\\\ProgramData\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">$Recycle.Bin\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">AMD\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">appdata\\\\local\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">appdata\\\\locallow\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">autorun.inf\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">boot.ini\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">boot.ini\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">bootfont.bin\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">bootmgfw.efi\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">bootsect.bak\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">desktop.ini\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Documents and Settings\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">iconcache.db\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Intel\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">MSOCache\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">ntuser.dat\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">ntuser.dat.log\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">ntuser.ini\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">NVIDIA\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">PerfLogs\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">ProgramData\u202f&nbsp;<\/span><\/li>\n<li><span 
class=\"rte-red-bullet\">Program Files\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Program Files (x86)\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">thumbs.db\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">users\\\\all users\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Windows\u202f&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Windows.old\u202f&nbsp;<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-11.png\" alt=\"Figure 11. SolidBit ransomware checking for files to be avoided \"><figcaption>Figure 11. SolidBit ransomware checking for files to be avoided <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>This SolidBit variant uses 256-bit Advanced Encryption Standard (AES) encryption to encrypt the files on the victim\u2019s computer (Figure 12). A key that is appended to the encrypted files\u2019 content (Figure 13) acts as SolidBit\u2019s infection marker. The key comes from a hard-coded string in the binary that was encrypted via Rivest-Shamir-Adleman (RSA) encryption and encoded in Base64. 
The ransomware will also append the .SolidBit file extension to the encrypted files and changes their file icons (Figure 14).&nbsp; Its encryption routine only encrypts files with specific file extensions.&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-12.png\" alt=\"Figure 12. SolidBit ransomware\u2019s encryption routine \"><figcaption>Figure 12. SolidBit ransomware\u2019s encryption routine <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-13.png\" alt=\"Figure 13. The encrypted content of the file \"><figcaption>Figure 13. The encrypted content of the file <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-14.png\" alt=\"Figure 14. A file encrypted by SolidBit ransomware \"><figcaption>Figure 14. 
A file encrypted by SolidBit ransomware <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>This SolidBit variant will also terminate multiple services, delete any shadow copies (Figure 15) and backup catalogs (Figure 16), and delete 42 services on the victim\u2019s computer.&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-15.png\" alt=\"Figure 15. SolidBit\u2019s deletion of shadow copies \"><figcaption>Figure 15. SolidBit\u2019s deletion of shadow copies <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-16.png\" alt=\"Figure 16. SolidBit\u2019s deletion of the backup catalog \"><figcaption>Figure 16. SolidBit\u2019s deletion of the backup catalog <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>It will also drop into every directory a file, <i>RESTORE-MY-FILES.txt<\/i>, that contains instructions on how a victim can pay the ransom (Figure 17), and it shows a pop-up window on the victim\u2019s machine (Figure 18).&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-17.png\" alt=\"Figure 17. 
Dropped ransom note by SolidBit ransomware \"><figcaption>Figure 17. Dropped ransom note by SolidBit ransomware <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-18.png\" alt=\"Figure 18. The pop-up window that SolidBit ransomware shows on the victim\u2019s screen \"><figcaption>Figure 18. The pop-up window that SolidBit ransomware shows on the victim\u2019s screen <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"30.787449392713\">\n<div readability=\"11.028340080972\">\n<p><span class=\"body-subhead-title\">SolidBit as a LockBit imitator\u202f&nbsp;<\/span><\/p>\n<p>SolidBit has been suspected of being <a href=\"https:\/\/medium.com\/s2wblog\/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16\" target=\"_blank\" rel=\"noopener\">a LockBit ransomware<\/a> copycat, as the two share similarities in their chat support sites\u2019 formatting (Figure 19) and the file names of their ransom note (Figure 20).\u202f\u202f&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-19.png\" alt=\"Figure 19. Similarities between the chat support sites of LockBit (left) and SolidBit (right) \"><figcaption>Figure 19. 
Similarities between the chat support sites of LockBit (left) and SolidBit (right) <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-20.png\" alt=\"Figure 20. The ransom notes of LockBit (left) and SolidBit (right) \"><figcaption>Figure 20. The ransom notes of LockBit (left) and SolidBit (right) <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"27.294444444444\">\n<div readability=\"10.436111111111\">\n<p>However, SolidBit ransomware is compiled using .NET and is actually a variant of Yashma ransomware, also known as <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/chaos-ransomware-a-dangerous-proof-of-concept.html\" target=\"_blank\" rel=\"noopener\">Chaos<\/a> (Figure 21). It&#8217;s possible that SolidBit\u2019s ransomware actors are <a href=\"https:\/\/medium.com\/s2wblog\/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16\" target=\"_blank\" rel=\"noopener\">currently working with the original developer of Yashma ransomware<\/a> and likely modified some features from the Chaos builder, later rebranding it as SolidBit (Figure 22).&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-21.png\" alt=\"Figure 21. The functions of SolidBit ransomware (left) and Yashma ransomware (right) \"><figcaption>Figure 21. 
The functions of SolidBit ransomware (left) and Yashma ransomware (right) <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-22.png\" alt=\"Figure 22. SolidBit ransomware (left) and Yashma ransomware (right) checks files in a targeted system\u2019s directories \"><figcaption>Figure 22. SolidBit ransomware (left) and Yashma ransomware (right) checks files in a targeted system\u2019s directories <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>The new SolidBit sample is larger than its predecessors at 5.56 MB, compared to the 159 KB of earlier SolidBit variants. Its use of a fake\u202fLeague of Legends\u202fAccount Checker application to drop its\u202fransomware payload is a new technique in its arsenal.\u202f\u202f&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p><span class=\"body-subhead-title\">SolidBit posing as social media tools&nbsp;<\/span><\/p>\n<p>In addition to the fraudulent League of Legends account checker application, the aforementioned GitHub account has uploaded this new SolidBit variant disguised as other legitimate applications named \u201cSocial Hacker\u201d (Figure 23) and \u201cInstagram Follower Bot\u201d (Figure 24). 
However, the account has been taken down at the time of this writing.&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-23.png\" alt=\"Figure 23. File properties of the new SolidBit ransomware variant disguised as an application named Social Hacker \"><figcaption>Figure 23. File properties of the new SolidBit ransomware variant disguised as an application named Social Hacker <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-24.png\" alt=\"Figure 24. File properties of the new SolidBit ransomware variant disguised as an application called Instagram Follower Bot \"><figcaption>Figure 24. File properties of the new SolidBit ransomware variant disguised as an application called Instagram Follower Bot <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>Both these malicious applications display an error message when executed on a virtual machine (Figure 25). 
They exhibit the same behavior as the fake League of Legends account checker, wherein they drop and execute an executable that will, in turn, drop and execute the SolidBit ransomware payload (Figure 26).&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-25.png\" alt=\"Figure 25. The error message shown when the Social Hacker and Instagram Follower Bot applications are run on a virtual machine \"><figcaption>Figure 25. The error message shown when the Social Hacker and Instagram Follower Bot applications are run on a virtual machine <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-26.png\" alt=\"Figure 26. The execution flow of the three malicious applications that contain the new SolidBit variant \"><figcaption>Figure 26. The execution flow of the three malicious applications that contain the new SolidBit variant <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.729445506692\">\n<div readability=\"12.875717017208\">\n<p><span class=\"body-subhead-title\">SolidBit as ransomware-as-a-service\u202f&nbsp;<\/span><\/p>\n<p>The malicious actors behind SolidBit aren\u2019t just turning to malicious apps as a means of spreading the ransomware. 
<a href=\"https:\/\/medium.com\/s2wblog\/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16\" target=\"_blank\" rel=\"noopener\">A researcher<\/a> found that the SolidBit ransomware group also posted a job advertisement on an underground forum&nbsp;on June 29 to recruit potential affiliates for their <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/definition\/ransomware-as-a-service-raas\" target=\"_blank\" rel=\"noopener\">ransomware-as-a-service (RaaS)<\/a> activities. These affiliates, who are tasked with penetrating a victim\u2019s system and distributing SolidBit, stand to gain 80% of the ransomware payout as a commission.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.856226235741\">\n<div readability=\"31.980038022814\">\n<p><span class=\"body-subhead-title\">Fending off ransomware attacks&nbsp;<\/span><\/p>\n<p>The malware authors behind SolidBit ransomware appear to be gearing up to expand their operations through recruiting ransomware-as-a-service partners who will facilitate a wider scale of infection, on top of the distribution approach of their newly found variant. The large commission percentage that SolidBit\u2019s authors offer is likely to attract other opportunistic threat actors, so we anticipate&nbsp;more activity from this ransomware group in the near future.&nbsp;&nbsp;<\/p>\n<p>While it is not new for ransomware to disguise itself as a legitimate program or\u202fa tool as a social engineering lure,\u202fSolidBit\u2019s new variant targets games and applications with a large user base. 
This allows SolidBit\u2019s ransomware actors to cast a wide net of potential victims, and users who may not be well-versed in security hygiene, such as children or teenagers, could fall victim to fraudulent applications and tools, as was the case in previous <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/gamers-face-waves-of-booby-trapped-game-cheats-that-steal-login-credentials\/\" target=\"_blank\" rel=\"noopener\">Minecraft and Roblox malware infections<\/a>.\u202f&nbsp;<\/p>\n<p>End users and organizations alike can mitigate the risk of ransomware infection by following these security best practices:&nbsp;&nbsp;<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Enable multifactor authentication (MFA) to prevent attackers from performing lateral movement inside a network.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Adhere to <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/best-practices-backing-up-data\" target=\"_blank\" rel=\"noopener\">the 3-2-1 rule<\/a> when backing up important files. This involves creating three backup copies on two different file formats, with one of the copies stored in a separate location.&nbsp;&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Patch and <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/virtual-patching-patch-those-vulnerabilities-before-they-can-be-exploited\" target=\"_blank\" rel=\"noopener\">update systems regularly<\/a>. 
It\u2019s important to keep one\u2019s operating system and applications up to date, which will prevent malicious actors from exploiting any software vulnerabilities.<\/span>&nbsp;<\/li>\n<\/ul>\n<p>Organizations can also benefit from security solutions that offer multilayered detection and response such as <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\" target=\"_blank\" rel=\"noopener\">Trend Micro Vision One\u2122<\/a>, which has multilayered protection and behavior detection capabilities that help block suspicious behavior and tools before ransomware can do any damage. <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/endpoint.html\" target=\"_blank\" rel=\"noopener\">Trend Micro Apex One\u2122<\/a> also provides next-level automated threat detection and response to protect endpoints against advanced issues, like fileless threats and ransomware.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"30.246575342466\">\n<div readability=\"8.5068493150685\">\n<p><span class=\"body-subhead-title\">Indicators of compromise (IOCs)\u202f&nbsp;<\/span><\/p>\n<p>View the full list of IOCs <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/IOCs-SolidBit-Ransomware-Enters-the-RaaS-Scene-and-Takes-Aim-at-Gamers-and-Social-Media-Users-With-New-Variant%20.txt\" target=\"_blank\" rel=\"noopener\">here<\/a>.&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!--For Modal-end--> <!-- Go to 
www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamer.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users. The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service affiliates. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":47849,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9539,9509],"class_list":["post-47848","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-02T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-banner.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" 
\/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat 
Analyst\",\"datePublished\":\"2022-08-02T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/\"},\"wordCount\":1870,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/\",\"name\":\"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png\",\"datePublished\":\"2022-08-02T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png\",\"width\":138,\"height\":167},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"Li
stItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/","og_locale":"en_US","og_type":"article","og_title":"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-08-02T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-\/SolidBit-082022-banner.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat 
Analyst","datePublished":"2022-08-02T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/"},"wordCount":1870,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/","url":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/","name":"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png","datePublished":"2022-08-02T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst.png","width":138,"height":167},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamers-and-social-media-users-with-new-variant-threat-analyst-threat-analyst-threats-analyst-threats-analyst-threat-analyst\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, 
Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant Threat Analyst Threat Analyst Threats Analyst Threats Analyst Threat Analyst"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47848"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47848\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/47849"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}