Gold Mystic

Malware Profile Updated 24 days ago
Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. The group adopted the LockBit name for its file-encrypting malware in 2020 and listed its first victims on the leak site in September of the same year. After a six-month period of apparent inactivity, Gold Mystic launched LockBit 2.0 in June 2021, an enhanced version of the ransomware that was touted as being more user-friendly and easier to implement. The ransomware has gone through several iterations since its inception, including LockBit Red, LockBit Black, and LockBit Green, and the cybercrime syndicate was also secretly developing a new version called LockBit-NG-Dev before its infrastructure was dismantled.

Despite the dominance of established names like Gold Mystic (LockBit), Gold Blazer (BlackCat/ALPHV), and Gold Tahoe (Cl0p) in the ransomware landscape, new groups are emerging and listing significant victim counts on "name and shame" leak sites. During the 12-month period covered, Gold Mystic's LockBit remained at the forefront as the most active ransomware group, publishing nearly three times the number of victims as the next most active group, ALPHV (BlackCat), operated by Gold Blazer.

The Secureworks Counter Threat Unit (CTU), which tracks the group under the name Gold Mystic, investigated 22 compromises featuring LockBit ransomware from July 2020 through January 2024, some of which relied solely on data theft to extort victims. According to Secureworks' observations based on 22 incident response engagements over the past three years, LockBit's origins can be traced back to Gold Mystic.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lockbit | 2 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Gold Blazer | Unspecified | 2 | GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPHV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors are
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Gold Mystic Malware was read from the documents corpus below.
Source (CreatedAt): Title
CERT-EU (3 months ago): LockBit Ransomware Threat Persists | MSSP Alert | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (6 months ago): Ransomware Dwell Time Hits Low of 24 Hours | #ransomware | #cybercrime | National Cyber Security Consulting
InfoSecurity-magazine (8 months ago): Record Numbers of Ransomware Victims Named on Leak Sites
CERT-EU (3 months ago): U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (3 months ago): Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement | #cybercrime | #infosec | National Cyber Security Consulting