Lockbit

Malware updated 16 hours ago (2024-11-20T18:04:55.793Z)
LockBit is ransomware, a form of malware known for its damaging and extortive functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit ransomware gang claimed to have stolen data from Boeing, a major aerospace company, and later leaked the stolen data, posing significant security concerns. LockBit 3.0 affiliates exploited the Citrix Bleed vulnerability (CVE-2023-4966), marking a significant advancement in their tactics. This was not the first instance of LockBit's disruptive activity; it had previously breached the Housing Authority of the City of Los Angeles (HACLA) in 2023. Despite numerous law enforcement infiltrations of the group, including the recovery of decryption keys for thousands of its victims and a list of 194 usernames and IDs for the group's affiliates, the LockBit group never deleted the stolen data, leaving breached organizations and affected individuals at risk of further blackmail. Operation Cronos, led by the U.K.'s National Crime Agency and the FBI, marked a significant blow against LockBit. Authorities named and indicted Russian national Dmitry Yuryevich Khoroshev, 31, who stands accused of being the head of LockBit known as "LockBitSupp". Despite the recent disruption of notorious ransomware groups such as LockBit and Alphv, the ransomware-as-a-service model embraced by the criminal underground enables even novice actors to carry out sophisticated attacks. These events triggered some reorganization in the RaaS space, demonstrating the ongoing threat posed by such cybercriminal activities.
Description last updated: 2024-11-15T15:56:52.854Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
Babuk | Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | 8
Dragonforce | DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resource | 4
Gold Mystic | Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of | 3
Putinkrab | Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T | 2
Cyclops | Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal informatio | 2
Noname | NoName, also known as CosmicBeetle, is a pro-Russia threat actor group that has been active since at least 2020. The group is notorious for exploiting years-old vulnerabilities in systems, particularly those of small and medium-sized businesses, which have often left these flaws unpatched. They have | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
RaaS
Extortion
Encryption
Malware
Vulnerability
Exploit
Windows
Linux
Data Leak
Esxi
Cybercrime
Macos
Phishing
Encrypt
Vpn
Infiltration
Locker
netscaler
Zero Day
Cobalt Strike
Fbi
Payload
citrix
Antivirus
Police
Bitcoin
Ransomware P...
Papercut
XSS (Cross S...
Boeing
Lateral Move...
Source
Github
Russia
Telegram
Exploits
Moveit
TSMC
Nca
Microsoft
Bot
exploited
Kaspersky
Malwarebytes
Sophos
Apple
Uk
Botnet
T1486
Fraud
bugs
Health
Healthcare
Tool
Esxiargs
Federal
CISA
Reconnaissance
Scam
Rmm
Symantec
Hospital
Remote Code ...
Financial
Proxy
Trojan
Japan
Wordpress
Hospitals
Rapid7
Aws
Breachforums
Social Media
India
Ddos
Secureworks
Hardware
Mitre
NCSC
Backdoor
exploitation
PowerShell
ICBC
Government
Indonesia
Education
Youtube
Poc
Loader
LOTL
russian
Signal
Vmware
Dragos
Mandiant
Twitter
Chrome
Wiper
Credentials
Flashpoint
Europol
Screenconnect
ConnectWise
Firefox
Android
Denial of Se...
RCE (Remote ...
Spyware
Apt
Worm
Cisco
Associated Malware
Alias | Description | Association type | Votes
Conti | Conti is a type of malware, specifically ransomware, that was designed to infiltrate computer systems, disrupt operations, and potentially hold data hostage for ransom. It has been linked to various ransomware groups such as Quantum, MountLocker, and the notorious Conti ransomware gang. The software | is related to | 16
Clop | Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | is related to | 16
Lockbit Black | LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands | is related to | 12
REvil | REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | Unspecified | 9
Lockbit Green | LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro | is related to | 9
Rorschach | Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe | Unspecified | 6
Black Basta | Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 6
3am | 3AM is a new ransomware family that emerged in the cyber threat landscape, as discovered by Symantec's Threat Hunter Team in September 2023. This malicious software, written in Rust, is designed to exploit and damage computer systems, often infiltrating them without the user's knowledge through susp | is related to | 5
Lockbit Red | LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per | Unspecified | 5
Royal Ransomware | The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious | Unspecified | 5
NoEscape | NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023, | Unspecified | 4
Rorschach Ransomware | The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appea | Unspecified | 4
Ryuk | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 4
Cactus | Cactus is a type of malware, specifically ransomware, known for its malicious activities including data theft and system disruption. This malware has been linked to several high-profile attacks, spreading primarily through malvertising campaigns that leverage the DanaBot Trojan. Notably, the Cactus | Unspecified | 4
HELLOKITTY | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat | Unspecified | 3
Locker Ransomware | Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve | Unspecified | 3
Conti, Lockbit | | Unspecified | 3
QakBot | Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d | Unspecified | 3
National Hazard Agency | The National Hazard Agency is a newly identified malware group reportedly led by a man in his 20s from Ukraine. This malicious software, or malware, is designed to infiltrate and damage computer systems, often without the user's knowledge. The group uses suspicious downloads, emails, or websites to | Unspecified | 3
Bablock | BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h | is related to | 3
Raspberry Robin | Raspberry Robin is a sophisticated malware that uses advanced techniques to infiltrate and exploit computer systems. The malicious software is designed to stealthily enter a system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by st | Unspecified | 3
Ragnar Locker | Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans | Unspecified | 3
Karakurt | Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a | Unspecified | 3
Rhysida Ransomware | The Rhysida ransomware, a malicious software known for exploiting and damaging computer systems, has been actively disrupting cybersecurity since May 2023. This malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal pe | Unspecified | 3
Lockbit V3 | LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emai | is related to | 3
Ghost | "Ghost" refers to a type of malware that was distributed through a network of GitHub accounts, known as the Stargazers Ghost Network. This malicious software was identified by Check Point Research and was spread via phishing repositories. The malware was designed to exploit and damage computer syste | is related to | 3
Conti Encryptor | Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s | Unspecified | 3
Phobos | Phobos is a type of malware, specifically ransomware, that has been causing significant cybersecurity concerns. Ransomware is a malicious software that infects systems, often without the user's knowledge, via suspicious downloads, emails, or websites. Once inside, it can disrupt operations and hold | Unspecified | 3
Pegasus | Pegasus is a sophisticated malware developed by the Israeli company, NSO Group. It is a zero-click espionage tool that can be deployed without user interaction, making it highly effective and intrusive. The spyware was used to target various individuals, including Russian journalist Galina Timchenko | Unspecified | 2
Darkrace | DarkRace, a variant of malware known as ransomware, first appeared in mid-2023 and was identified as a significant threat by cybersecurity firm Cyble. The malware employs a strategy of double extortion, not only encrypting the victim's files and demanding a ransom for their decryption, but also thre | Unspecified | 2
Gazprom | Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c | Unspecified | 2
Werewolves | The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023 | Unspecified | 2
Trigona | Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope | Unspecified | 2
TrickBot | TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 2
Threeam | ThreeAM, a developing ransomware group, was first tracked by GRIT in September 2023. The threat actor responsible initially attempted to deploy the LockBit ransomware encryptor but resorted to using ThreeAM ransomware after the former failed. This shift in strategy came in light of recent law enforc | Unspecified | 2
Xworm | XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati | Unspecified | 2
WastedLocker | WastedLocker is a sophisticated malware developed by the Evil Corp Group, a notorious cybercriminal organization. This malware is a form of ransomware that targets both Windows and Android devices, encrypting users' data and demanding a ransom for its release. Originating in 2020, WastedLocker utili | Unspecified | 2
Redline | RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor | Unspecified | 2
Monti | Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona | Unspecified | 2
Mallox | Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co | Unspecified | 2
Snatch | Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc | Unspecified | 2
Emotet | Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | Unspecified | 2
Maze | Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 2
MedusaLocker | MedusaLocker is a potent malware, first observed in 2019, that primarily targets the healthcare sector. It operates as a Ransomware-as-a-Service (RaaS), often using the double extortion method for monetary gain. This ransomware has been particularly effective during periods of disorder and confusion | Unspecified | 2
Raccoon Stealer | Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacki | Unspecified | 2
Blacksuit | BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which i | Unspecified | 2
Aukill | AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint pr | Unspecified | 2
AsyncRAT | AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra | Unspecified | 2
Hive Raas | | Unspecified | 2
Lockbit v3.0 | LockBit v3.0 is a malicious software variant, known for its capability to encrypt up to 25,000 files per minute. This potent ransomware was first encountered almost a year ago, and despite not being the fastest of its kind, it poses a significant threat due to the average time required to detect and | is related to | 2
cryptolocker | CryptoLocker is a type of malware known as ransomware that emerged as a significant cybersecurity threat. This malicious software infects systems through suspicious downloads, emails, or websites and then encrypts the user's documents, demanding a ransom for their recovery. It has been described as | Unspecified | 2
Raccoon | Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $ | Unspecified | 2
Lockbit v.3 | LockBit v.3 is a type of malware, specifically ransomware, that poses significant threats to computer systems and devices. It infiltrates systems through dubious downloads, emails, or websites, often without the user's awareness. Once inside, it can steal personal information, disrupt operations, or | is related to | 2
WannaCry | WannaCry is a type of malware, specifically ransomware, that made headlines in 2017 as one of the most devastating cyberattacks in recent history. The WannaCry ransomware exploited vulnerabilities in Windows' Server Message Block protocol (SMBv1), specifically CVE-2017-0144, CVE-2017-0145, and CVE-2 | Unspecified | 2
Associated Threat Actors
Alias | Description | Association type | Votes
Alphv | Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB | is related to | 19
LockBitSupp | LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," i | is related to | 11
Blackmatter | BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. Howeve | is related to | 9
Bassterlord | Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Ore | is related to | 8
Evil Corp | Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe | is related to | 7
Vasiliev | Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl | Unspecified | 7
Ransomhub | RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai | Unspecified | 6
Medusa | Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 6
DarkSide | DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 6
Artur Sungatov | In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti | is related to | 6
Wazawaka | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper | Unspecified | 6
Bl00dy | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i | Unspecified | 5
Hive Ransomware | Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 5
Mikhail Matveev | Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notor | Unspecified | 5
Rhysida | Rhysida is a globally active threat actor known for its ransomware operations, which have impacted a wide range of sectors, particularly the government and public sector. Their use of CleanUpLoader makes their operations highly effective and difficult to detect, as it not only facilitates persistenc | Unspecified | 4
Mikhail Pavlovich Matveev | Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of | Unspecified | 4
Qilin | Qilin, a threat actor known for its malicious activities in the cyberspace, has been on the rise with an increase in victim count by 44% reaching 140 in Q3. This group is part of the Octo Tempest group which recently added RansomHub and Qilin ransomware to its arsenal, enhancing its capabilities to | Unspecified | 4
Dmitry Yuryevich Khoroshev | Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, has been identified as a significant threat actor in the cybersecurity landscape. Known by his alias "LockBitSupp," Khoroshev is allegedly the creator, developer, and administrator of LockBit, a notorious ransomware group. His real identi | Unspecified | 4
Vice Society | Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe | Unspecified | 4
Ivan Kondratyev | Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside | is related to | 4
Uhodiransomwar | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa | Unspecified | 4
Lapsus | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor | Unspecified | 3
Bianlian | BianLian is a threat actor group known for its malicious activities, primarily involving ransomware attacks. The group has been particularly active in 2024, exploiting bugs in JetBrains TeamCity software to launch its attacks. This method of attack has caused significant disruptions and data breache | Unspecified | 3
Sodinokibi | Sodinokibi, also known as REvil, is a highly active and impactful threat actor first identified in April 2019. Operating as a ransomware-as-a-service (RaaS), this group has been responsible for a significant proportion of global ransomware incidents. In 2020, Sodinokibi ransomware attacks accounted | Unspecified | 3
Boriselcin | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari | Unspecified |
3
The Blackbyte Threat Actor is associated with Lockbit. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. ThisUnspecified
3
The Ghostrider Threat Actor is associated with Lockbit. Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of disUnspecified
2
The threatActor Newwave110 is associated with Lockbit. Unspecified
2
The Gandcrab Threat Actor is associated with Lockbit. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REvUnspecified
2
The Black Cat Threat Actor is associated with Lockbit. Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat Unspecified
2
The 8base Threat Actor is associated with Lockbit. 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base oUnspecified
2
The Gold Blazer Threat Actor is associated with Lockbit. GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors areUnspecified
2
The RansomedVC Threat Actor is associated with Lockbit. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operatUnspecified
2
The FIN7 Threat Actor is associated with Lockbit. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
The Hunters International Threat Actor is associated with Lockbit. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of Unspecified
2
The Cosmicbeetle Threat Actor is associated with Lockbit. CosmicBeetle, also known as NoName, is a threat actor that has been active since 2020. ESET researchers have recently published an in-depth analysis of this cybercrime group's activities. Despite the crude and clumsy nature of its operations, CosmicBeetle has managed to compromise various targets woUnspecified
2
The M1x Threat Actor is associated with Lockbit. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specificalUnspecified
2
The Kimsuky Threat Actor is associated with Lockbit. Kimsuky, also known as APT43, Springtail, ARCHIPELAGO, Black Banshee, Thallium, and Velvet Chollima, is a North Korea-linked threat actor first spotted in 2013 by Kaspersky researchers. This group has been involved in various cyberespionage activities, primarily targeting government entities and defUnspecified
2
The Colonel Cassad Threat Actor is associated with Lockbit. Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and LuhaUnspecified
2
The Akira Ransomware Gang Threat Actor is associated with Lockbit. The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government Unspecified
2
Associated Vulnerabilities
Alias | Description | Association Type | Votes
Citrix Bleed | Citrix Bleed (CVE-2023-4966) is a severe software vulnerability, with a CVSS score of 9.4, identified in Citrix NetScaler Gateway and NetScaler ADC products. This flaw allows unauthorized disclosure of sensitive information, enabling attackers to gain remote access to organizations that rely on Citr… | Targets | 9
CVE-2023-4966 | CVE-2023-4966, also known as Citrix Bleed, is a significant software vulnerability discovered in the Citrix NetScaler ADC and Gateway products. The flaw, characterized as a sensitive information disclosure vulnerability, poses a serious threat due to its high CVSS score of 9.4. This vulnerability wa… | Unspecified | 6
CVE-2023-3824 | CVE-2023-3824 is a critical vulnerability that resides in the PHP software. This flaw in software design or implementation was exposed and exploited, leading to significant cybersecurity implications. This vulnerability became notably prominent following its exploitation during the resurgence of the… | Unspecified | 5
CVE-2023-20269 | CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of… | Unspecified | 5
Lockbit's Ghost | | Unspecified | 2
CVE-2023-27350 | CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda… | Unspecified | 2
CVE-2023-27351 | | Unspecified | 2
CVE-2024-1708 | CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise d… | Unspecified | 2
CVE-2024-1709 | CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response… | Unspecified | 2
Source Document References
Information about the Lockbit Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link | Created At
CERT-EU | 8 months ago
InfoSecurity-magazine | 6 days ago
DARKReading | 6 days ago
DARKReading | 6 days ago
CISA | 6 days ago
BankInfoSecurity | 16 days ago
Checkpoint | 17 days ago
BankInfoSecurity | 17 days ago
BankInfoSecurity | 19 days ago
ESET | 23 days ago
ESET | 23 days ago
Securityaffairs | 23 days ago
BankInfoSecurity | a month ago
DARKReading | a month ago
InfoSecurity-magazine | a month ago
Trend Micro | a month ago
BankInfoSecurity | a month ago
Securelist | a month ago
BankInfoSecurity | a month ago
InfoSecurity-magazine | a month ago