Summary:**New Ransomware Variant with .BS82tAHwp Extension Sparks LockBit Fears**A newly discovered ransomwa
referrerpolicy="no-referrer"
style="max-width:100%;height:auto;display:block;margin:0 auto;">
**New Ransomware Variant with .BS82tAHwp Extension Sparks LockBit Fears**
A newly discovered ransomware strain that appends the unusual .BS82tAHwp suffix to encrypted files has raised alarms across the cybersecurity community, with early indicators suggesting a possible link to the notorious LockBit group. The malware first surfaced in a forum post where a victim identified the attacker’s contact as Simoneken@proton.me and reported that all personal documents, photos, and system files had been rendered inaccessible.
**Key Developments**
Security analysts who examined a sample of the ransomware noted several technical hallmarks reminiscent of LockBit’s modus operandi: the use of a double‑extortion tactic, a ransom note demanding payment in Bitcoin, and the presence of a custom‑built loader that evades common antivirus signatures. The .BS82tAHwp extension, however, does not appear in any previously catalogued LockBit variants, prompting debate over whether the threat actors are testing a new obfuscation method or if an affiliate is attempting to masquerade as the established ransomware‑as‑a‑service (RaaS) operation. The email address Simoneken@proton.me, associated with the ransom note, has been traced to a ProtonMail account registered in early 2024, but no further attribution details are publicly available.
**Industry Analysis**
Experts warn that the emergence of a fresh extension could signal an evolution in ransomware delivery chains. “Changing file markers is a low‑cost way for threat actors to bypass signature‑based defenses while retaining the core encryption routine,” said Maya Patel, a senior threat intelligence researcher at CyberShield Labs. If the .BS82tAHwp strain is indeed a LockBit offshoot, it may inherit the group’s sophisticated affiliate network, which has been responsible for a significant share of global ransomware incidents over the past two years