Lockbit

Malware updated 3 days ago (2024-10-15T01:01:06.603Z)
Download STIX
Preview STIX
LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operations at Boeing but also sent shockwaves through the cybersecurity community, prompting a shift in approach from the then-nascent Biden administration towards a more aggressive stance on ransomware threats. The attack on Boeing catalyzed a multiyear international effort aimed at disrupting the ransomware underground, including LockBit and Evil Corp. This operation, known as Cronos, involved law enforcement agencies from the United Kingdom, United States, France, and Spain. The UK's National Crime Agency and National Cybersecurity Center played a key role, obtaining 2,500 decryption keys and a list of all LockBit affiliate usernames and Bitcoin addresses linked to victim payments. This initial effort in February resulted in the seizure of 35 LockBit servers, significantly disrupting the group's activities. Despite these successes, the fight against ransomware continues. A new group, RansomHub, emerged just a week after the initial LockBit takedown in February 2024. Meanwhile, cybersecurity experts continue to grapple with the ongoing threat posed by ransomware. High-profile incidents such as the LockBit attack on London Drugs and breaches affecting Ontario hospitals serve as stark reminders of the persistent danger. However, the concerted international response to LockBit demonstrates a strong commitment to combating this type of cybercrime.
Description last updated: 2024-10-15T00:15:33.805Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Babuk is a possible alias for Lockbit. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio
8
Dragonforce is a possible alias for Lockbit. DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resource
4
Gold Mystic is a possible alias for Lockbit. Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of
3
Putinkrab is a possible alias for Lockbit. Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T
2
Cyclops is a possible alias for Lockbit. Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal informatio
2
Noname is a possible alias for Lockbit. NoName, also known as CosmicBeetle, is a pro-Russia threat actor group that has been active since at least 2020. The group is notorious for exploiting years-old vulnerabilities in systems, particularly those of small and medium-sized businesses, which have often left these flaws unpatched. They have
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Clop
RaaS
Malware
Extortion
Vulnerability
Encryption
Exploit
Windows
Linux
Data Leak
Macos
Phishing
Cybercrime
Esxi
Encrypt
Vpn
netscaler
Zero Day
Locker
Infiltration
Payload
Cobalt Strike
Antivirus
Fbi
citrix
Police
Bitcoin
Ransomware P...
Papercut
XSS (Cross S...
Boeing
Lateral Move...
Russia
Telegram
TSMC
Exploits
Github
Nca
Moveit
Source
Microsoft
exploited
Kaspersky
Malwarebytes
Sophos
Apple
Uk
Botnet
T1486
Fraud
bugs
Health
Healthcare
Tool
Bot
Esxiargs
Federal
CISA
Reconnaissance
Scam
Rmm
Symantec
Hospital
Remote Code ...
Financial
Proxy
Wordpress
Worm
Indonesia
Trojan
Rapid7
Hospitals
Breachforums
Social Media
India
Ddos
Mitre
NCSC
Secureworks
Hardware
Backdoor
exploitation
Government
PowerShell
ICBC
Education
Youtube
Poc
Loader
Dragos
LOTL
russian
Signal
Vmware
Mandiant
Twitter
Chrome
Credentials
Wiper
Flashpoint
Europol
Screenconnect
Android
Denial of Se...
RCE (Remote ...
ConnectWise
Firefox
Spyware
Apt
Cisco
Zero Day
Japan
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Conti Malware is associated with Lockbit. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware opis related to
16
The Lockbit Black Malware is associated with Lockbit. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands is related to
12
The REvil Malware is associated with Lockbit. REvil is a notorious malware, specifically a type of ransomware, that gained prominence in the cybercrime world as part of the Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, establishing relationships between first-stage malwares and subsequent ransomware attacUnspecified
9
The Lockbit Green Malware is associated with Lockbit. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The grois related to
9
The Rorschach Malware is associated with Lockbit. Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observeUnspecified
6
The Black Basta Malware is associated with Lockbit. Black Basta is a notorious malware and ransomware group known for its high-profile attacks on various sectors. The group, also known as Storm-0506, has been active since at least early 2022 and has accumulated over $107 million in Bitcoin ransom payments. It deploys malicious software to exploit vulUnspecified
6
The 3am Malware is associated with Lockbit. 3AM is a new ransomware family that emerged in the cyber threat landscape, as discovered by Symantec's Threat Hunter Team in September 2023. This malicious software, written in Rust, is designed to exploit and damage computer systems, often infiltrating them without the user's knowledge through suspis related to
5
The Lockbit Red Malware is associated with Lockbit. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal perUnspecified
5
The Royal Ransomware Malware is associated with Lockbit. The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious Unspecified
5
The NoEscape Malware is associated with Lockbit. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023,Unspecified
4
The Rorschach Ransomware Malware is associated with Lockbit. The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appeaUnspecified
4
The Ryuk Malware is associated with Lockbit. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware invesUnspecified
4
The Cactus Malware is associated with Lockbit. Cactus is a malicious software (malware) known for its destructive capabilities, particularly in the form of ransomware attacks. It primarily infiltrates systems through suspicious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting operations, or Unspecified
4
The malware Conti, Lockbit is associated with Lockbit. Unspecified
3
The HELLOKITTY Malware is associated with Lockbit. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold datUnspecified
3
The Locker Ransomware Malware is associated with Lockbit. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolveUnspecified
3
The QakBot Malware is associated with Lockbit. Qakbot is a potent piece of malware, or malicious software, that infiltrates computer systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware, built by various groups includinUnspecified
3
The National Hazard Agency Malware is associated with Lockbit. The National Hazard Agency is a newly identified malware group reportedly led by a man in his 20s from Ukraine. This malicious software, or malware, is designed to infiltrate and damage computer systems, often without the user's knowledge. The group uses suspicious downloads, emails, or websites to Unspecified
3
The Bablock Malware is associated with Lockbit. BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data his related to
3
The Raspberry Robin Malware is associated with Lockbit. Raspberry Robin is a sophisticated piece of malware that uses a variety of tactics to infiltrate and exploit computer systems. It employs the CPUID instruction to conduct several checks, enabling it to assess the system's characteristics and vulnerabilities. Furthermore, Raspberry Robin has been obsUnspecified
3
The Ragnar Locker Malware is associated with Lockbit. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransUnspecified
3
The Karakurt Malware is associated with Lockbit. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a Unspecified
3
The Lockbit V3 Malware is associated with Lockbit. LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emaiis related to
3
The Ghost Malware is associated with Lockbit. "Ghost" refers to a sophisticated malware network that was discovered and dismantled in 2020 following a two-year investigation led by Europol and global law enforcement agencies. The network, also known as the Stargazers Ghost Network, was found to be operating through GitHub accounts, distributingis related to
3
The Conti Encryptor Malware is associated with Lockbit. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause sUnspecified
3
The Phobos Malware is associated with Lockbit. Phobos is a type of malware, specifically ransomware, that has been causing significant cybersecurity concerns. Ransomware is a malicious software that infects systems, often without the user's knowledge, via suspicious downloads, emails, or websites. Once inside, it can disrupt operations and hold Unspecified
3
The Pegasus Malware is associated with Lockbit. Pegasus is a sophisticated malware developed by the Israeli company, NSO Group. It is a zero-click espionage tool that can be deployed without user interaction, making it highly effective and intrusive. The spyware was used to target various individuals, including Russian journalist Galina TimchenkoUnspecified
2
The Darkrace Malware is associated with Lockbit. DarkRace, a variant of malware known as ransomware, first appeared in mid-2023 and was identified as a significant threat by cybersecurity firm Cyble. The malware employs a strategy of double extortion, not only encrypting the victim's files and demanding a ransom for their decryption, but also threUnspecified
2
The Gazprom Malware is associated with Lockbit. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further cUnspecified
2
The Trigona Malware is associated with Lockbit. Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt opeUnspecified
2
The Werewolves Malware is associated with Lockbit. The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023Unspecified
2
The TrickBot Malware is associated with Lockbit. TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steaUnspecified
2
The Threeam Malware is associated with Lockbit. ThreeAM, a developing ransomware group, was first tracked by GRIT in September 2023. The threat actor responsible initially attempted to deploy the LockBit ransomware encryptor but resorted to using ThreeAM ransomware after the former failed. This shift in strategy came in light of recent law enforcUnspecified
2
The Xworm Malware is associated with Lockbit. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operatiUnspecified
2
The Revil/sodinokibi Malware is associated with Lockbit. REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information,Unspecified
2
The WastedLocker Malware is associated with Lockbit. WastedLocker is a sophisticated malware developed by the Evil Corp Group, a notorious cybercriminal organization. This malware is a form of ransomware that targets both Windows and Android devices, encrypting users' data and demanding a ransom for its release. Originating in 2020, WastedLocker utiliUnspecified
2
The Redline Malware is associated with Lockbit. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, RedLine can steal personal information, disrupt operations, or deliver further Unspecified
2
The Monti Malware is associated with Lockbit. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing personaUnspecified
2
The Mallox Malware is associated with Lockbit. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .coUnspecified
2
The Rhysida Ransomware Malware is associated with Lockbit. The Rhysida ransomware group, a malicious software entity, has been actively launching cyberattacks since May 2023. Their modus operandi involves infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, they exploit and damage the system, stUnspecified
2
The Emotet Malware is associated with Lockbit. Emotet is a particularly dangerous and insidious type of malware that has reemerged as a significant threat. This malicious software, which infects systems through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or even hold data for ransom. Emotet-infeUnspecified
2
The Snatch Malware is associated with Lockbit. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, incUnspecified
2
The Maze Malware is associated with Lockbit. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the releaseUnspecified
2
The MedusaLocker Malware is associated with Lockbit. MedusaLocker is a potent malware, first observed in 2019, that primarily targets the healthcare sector. It operates as a Ransomware-as-a-Service (RaaS), often using the double extortion method for monetary gain. This ransomware has been particularly effective during periods of disorder and confusionUnspecified
2
The Raccoon Stealer Malware is associated with Lockbit. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hackiUnspecified
2
The Blacksuit Malware is associated with Lockbit. BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which iUnspecified
2
The Aukill Malware is associated with Lockbit. AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint prUnspecified
2
The malware Hive Raas is associated with Lockbit. Unspecified
2
The WannaCry Malware is associated with Lockbit. WannaCry, a potent malware, emerged as one of the most destructive cyberattacks in recent history when it struck in May 2017. Leveraging Windows SMBv1 Remote Code Execution vulnerabilities (CVE-2017-0144, CVE-2017-0145, and CVE-2017-0143), WannaCry rapidly spread across systems worldwide, encryptingUnspecified
2
The Lockbit v3.0 Malware is associated with Lockbit. LockBit v3.0 is a malicious software variant, known for its capability to encrypt up to 25,000 files per minute. This potent ransomware was first encountered almost a year ago, and despite not being the fastest of its kind, it poses a significant threat due to the average time required to detect andis related to
2
The cryptolocker Malware is associated with Lockbit. CryptoLocker is a type of malware known as ransomware that emerged as a significant cyber threat in the mid-2010s. This malicious software infiltrates systems through suspicious downloads, emails, or infected websites, often unbeknownst to the user. Once inside, it encrypts the system's files and deUnspecified
2
The Raccoon Malware is associated with Lockbit. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $Unspecified
2
The AsyncRAT Malware is associated with Lockbit. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, raUnspecified
2
The Lockbit v.3 Malware is associated with Lockbit. LockBit v.3 is a type of malware, specifically ransomware, that poses significant threats to computer systems and devices. It infiltrates systems through dubious downloads, emails, or websites, often without the user's awareness. Once inside, it can steal personal information, disrupt operations, oris related to
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Alphv Threat Actor is associated with Lockbit. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its lais related to
18
The LockBitSupp Threat Actor is associated with Lockbit. LockBitSupp, a threat actor and the alleged developer of one of the most prolific ransomware variants known as LockBit, has been identified as Russian national Dmitry Yuryevich Khoroshev. Khoroshev, who operated under aliases "LockBit" and "LockBitSupp," began developing the ransomware as early as Sis related to
11
The Blackmatter Threat Actor is associated with Lockbit. BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention is related to
9
The Bassterlord Threat Actor is associated with Lockbit. Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Oreis related to
8
The Evil Corp Threat Actor is associated with Lockbit. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybeis related to
7
The Vasiliev Threat Actor is associated with Lockbit. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail PavlUnspecified
7
The Wazawaka Threat Actor is associated with Lockbit. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's operUnspecified
6
The Artur Sungatov Threat Actor is associated with Lockbit. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been actiis related to
6
The Ransomhub Threat Actor is associated with Lockbit. RansomHub is a threat actor that emerged as a new group in the cybersecurity landscape in February 2024, following the initial takedown of LockBit. Many former LockBit affiliates seemed to have either started working independently using freely available ransomware source code such as Phobos or alignUnspecified
6
The DarkSide Threat Actor is associated with Lockbit. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
6
The Medusa Threat Actor is associated with Lockbit. Medusa, a prominent threat actor in the cybersecurity landscape, has been increasingly active with its ransomware attacks. The group made headlines in November 2023 when it leveraged a zero-day exploit for the Citrix Bleed vulnerability (CVE-2023-4966), leading to numerous compromises alongside otheUnspecified
6
The Bl00dy Threat Actor is associated with Lockbit. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant iUnspecified
5
The Hive Ransomware Threat Actor is associated with Lockbit. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, eUnspecified
5
The Mikhail Matveev Threat Actor is associated with Lockbit. Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notorUnspecified
5
The Rhysida Threat Actor is associated with Lockbit. Rhysida, a threat actor active since May 2023, has been responsible for numerous high-profile ransomware attacks. The group is known for its use of various ransomware families, including BlackCat, Hello Kitty, Quantum Locker, Rhysida, Zeppelin, and its own eponymous program, to aid in double extortiUnspecified
4
The Uhodiransomwar Threat Actor is associated with Lockbit. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participaUnspecified
4
The Mikhail Pavlovich Matveev Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one ofUnspecified
4
The Dmitry Yuryevich Khoroshev Threat Actor is associated with Lockbit. Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, Russia, is identified as a significant threat actor in the cybersecurity landscape. Known by the alias "LockBitSupp," Khoroshev has been revealed as the creator, developer, and administrator of LockBit, a notorious ransomware group. His iUnspecified
4
The Vice Society Threat Actor is associated with Lockbit. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of ZeppeUnspecified
4
The Ivan Kondratyev Threat Actor is associated with Lockbit. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside is related to
4
The Lapsus Threat Actor is associated with Lockbit. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passworUnspecified
3
The Sodinokibi Threat Actor is associated with Lockbit. Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware stUnspecified
3
The Boriselcin Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted variUnspecified
3
The Qilin Threat Actor is associated with Lockbit. Qilin is a prominent threat actor known for its malicious cyber activities, including the deployment of ransomware. In recent events, it has been observed that Qilin has partnered with the Octo Tempest group, adding RansomHub and Qilin ransomware to its arsenal. This strategic partnership presents aUnspecified
3
The Blackbyte Threat Actor is associated with Lockbit. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. ThisUnspecified
3
The Colonel Cassad Threat Actor is associated with Lockbit. Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and LuhaUnspecified
2
The Ghostrider Threat Actor is associated with Lockbit. Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of disUnspecified
2
The Black Cat Threat Actor is associated with Lockbit. Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat Unspecified
2
The threatActor Newwave110 is associated with Lockbit. Unspecified
2
The Gandcrab Threat Actor is associated with Lockbit. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REvUnspecified
2
The 8base Threat Actor is associated with Lockbit. 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base oUnspecified
2
The Gold Blazer Threat Actor is associated with Lockbit. GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors areUnspecified
2
The RansomedVC Threat Actor is associated with Lockbit. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operatUnspecified
2
The Bianlian Threat Actor is associated with Lockbit. BianLian is a significant threat actor within the cybersecurity landscape, known for its malicious activities and cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams.Unspecified
2
The FIN7 Threat Actor is associated with Lockbit. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
The Hunters International Threat Actor is associated with Lockbit. Hunters International is a threat actor group believed to be based in Russia, which has gained prominence in the cybersecurity landscape due to its malicious activities. The group is known for executing sophisticated ransomware attacks, leveraging a tool identified as SharpRhino to gain persistence Unspecified
2
The Cosmicbeetle Threat Actor is associated with Lockbit. CosmicBeetle, a threat actor identified and tracked by ESET since 2020, is a cybercrime group that has been increasingly active in the global cybersecurity landscape. Its operations primarily target small and midsize businesses (SMBs) across various sectors including manufacturing, pharmaceuticals, Unspecified
2
The M1x Threat Actor is associated with Lockbit. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specificalUnspecified
2
The Kimsuky Threat Actor is associated with Lockbit. Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked Advanced Persistent Threat (APT) group first identified by Kaspersky researchers in 2013. The group has been involved in various cyber espionage activities against global targUnspecified
2
The Akira Ransomware Gang Threat Actor is associated with Lockbit. The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The Citrix Bleed Vulnerability is associated with Lockbit. Citrix Bleed, officially designated as CVE-2023-4966, is a significant software vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. This flaw in software design or implementation allows for sensitive information disclosure and has been assigned a high severity rating with a Targets
9
The CVE-2023-4966 Vulnerability is associated with Lockbit. CVE-2023-4966, also known as "Citrix Bleed," is a critical zero-day vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. Discovered in 2023, this flaw in software design or implementation allows sensitive information disclosure, with a high severity rating of 9.4 on the CommoUnspecified
6
The CVE-2023-20269 Vulnerability is associated with Lockbit. CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation ofUnspecified
5
The CVE-2023-3824 Vulnerability is associated with Lockbit. CVE-2023-3824 is a critical vulnerability that resides in the PHP software. This flaw in software design or implementation was exposed and exploited, leading to significant cybersecurity implications. This vulnerability became notably prominent following its exploitation during the resurgence of theUnspecified
5
The vulnerability Lockbit's Ghost is associated with Lockbit. Unspecified
2
The CVE-2023-27350 Vulnerability is associated with Lockbit. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first updaUnspecified
2
The vulnerability CVE-2023-27351 is associated with Lockbit. Unspecified
2
The CVE-2024-1708 Vulnerability is associated with Lockbit. CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise dUnspecified
2
The CVE-2024-1709 Vulnerability is associated with Lockbit. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid ResponseUnspecified
2
Source Document References
Information about the Lockbit Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
3 days ago
BankInfoSecurity
3 days ago
BankInfoSecurity
7 days ago
BankInfoSecurity
8 days ago
InfoSecurity-magazine
9 days ago
BankInfoSecurity
10 days ago
Securityaffairs
12 days ago
BankInfoSecurity
13 days ago
InfoSecurity-magazine
14 days ago
DARKReading
14 days ago
BankInfoSecurity
15 days ago
BankInfoSecurity
15 days ago
BankInfoSecurity
15 days ago
BankInfoSecurity
15 days ago
Securityaffairs
16 days ago
DARKReading
16 days ago
InfoSecurity-magazine
16 days ago
Securityaffairs
16 days ago
BankInfoSecurity
16 days ago
DARKReading
17 days ago