Lockbit

Malware updated a day ago (2024-10-29T20:03:33.446Z)
LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It is known for disruptive activities such as stealing personal information or holding data hostage for ransom. The LockBit ransomware gang has claimed responsibility for several high-profile attacks, including one on Boeing, where it reportedly stole and later leaked sensitive data. This event was widely reported in the cybersecurity community, raising concerns about the security of major corporations.

The ransomware landscape has seen significant disruption from law enforcement actions against notorious groups such as BlackCat and LockBit, which led to some reorganization in the Ransomware-as-a-Service (RaaS) space. Operation Cronos, for example, targeted LockBit, impacting its activity levels in the first quarter of 2024. By mid-June, Operation Endgame had resulted in the arrest of a 28-year-old Ukrainian man believed to be a developer for the Russian ransomware groups Conti and LockBit. Despite these disruptions, LockBit appeared to recover completely by the second quarter, although the authorities' revelations about their intelligence may have shaken trust among its affiliates.

Amid these developments, new threats have emerged. For instance, a fake LockBit ransomware was discovered abusing Amazon Web Services' S3 for data exfiltration, showing the adaptability and resilience of these malicious actors. At the same time, RansomHub, powered by ex-affiliates of LockBit and BlackCat, has risen in prominence, seemingly at the expense of LockBit, which had previously dominated the ransomware scene. These shifts highlight the fluid and evolving nature of the ransomware landscape.
Description last updated: 2024-10-29T20:03:33.428Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias / Description | Votes
Babuk is a possible alias for Lockbit. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio... | 8
Dragonforce is a possible alias for Lockbit. DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resource... | 4
Gold Mystic is a possible alias for Lockbit. Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of... | 3
Putinkrab is a possible alias for Lockbit. Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T... | 2
Cyclops is a possible alias for Lockbit. Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal informatio... | 2
Noname is a possible alias for Lockbit. NoName, also known as CosmicBeetle, is a pro-Russia threat actor group that has been active since at least 2020. The group is notorious for exploiting years-old vulnerabilities in systems, particularly those of small and medium-sized businesses, which have often left these flaws unpatched. They have... | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
RaaS
Clop
Encryption
Extortion
Malware
Vulnerability
Exploit
Windows
Linux
Data Leak
Phishing
Esxi
Cybercrime
Macos
Encrypt
Zero Day
Infiltration
Vpn
netscaler
Locker
citrix
Fbi
Antivirus
Payload
Cobalt Strike
Police
Bitcoin
Ransomware P...
Papercut
XSS (Cross S...
Boeing
Lateral Move...
Russia
Telegram
Exploits
TSMC
Moveit
Nca
Github
Source
Microsoft
Bot
exploited
Kaspersky
Malwarebytes
Sophos
Apple
Uk
Botnet
T1486
Fraud
bugs
Health
Healthcare
Tool
Esxiargs
Federal
CISA
Reconnaissance
Scam
Rmm
Symantec
Hospital
Remote Code ...
Financial
Proxy
Worm
Japan
Trojan
Wordpress
Hospitals
Aws
Rapid7
Breachforums
India
Social Media
Ddos
Mitre
Secureworks
Hardware
NCSC
Backdoor
exploitation
russian
Government
PowerShell
ICBC
Indonesia
Education
Youtube
Poc
Loader
LOTL
Vmware
Signal
Dragos
Mandiant
Twitter
Chrome
Wiper
Credentials
Flashpoint
Europol
Screenconnect
ConnectWise
Android
Firefox
Denial of Se...
RCE (Remote ...
Spyware
Apt
Cisco
Associated Malware
Alias / Description | Association Type | Votes
The Conti Malware is associated with Lockbit. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware op... | is related to | 16
The Lockbit Black Malware is associated with Lockbit. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands... | is related to | 12
The Lockbit Green Malware is associated with Lockbit. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro... | is related to | 9
The REvil Malware is associated with Lockbit. REvil, a notorious ransomware, emerged as a significant threat to cybersecurity in the context of an increasing trend towards Ransomware as a Service (RaaS) model in 2020. It is connected with other first-stage malware such as Gootkit and Dridex, which pave the way for the REvil ransomware attack. T... | Unspecified | 9
The Rorschach Malware is associated with Lockbit. Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe... | Unspecified | 6
The Black Basta Malware is associated with Lockbit. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses... | Unspecified | 6
The 3am Malware is associated with Lockbit. 3AM is a new ransomware family that emerged in the cyber threat landscape, as discovered by Symantec's Threat Hunter Team in September 2023. This malicious software, written in Rust, is designed to exploit and damage computer systems, often infiltrating them without the user's knowledge through susp... | is related to | 5
The Lockbit Red Malware is associated with Lockbit. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per... | Unspecified | 5
The Royal Ransomware Malware is associated with Lockbit. The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious... | Unspecified | 5
The Rorschach Ransomware Malware is associated with Lockbit. The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appea... | Unspecified | 4
The Ryuk Malware is associated with Lockbit. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves... | Unspecified | 4
The NoEscape Malware is associated with Lockbit. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023,... | Unspecified | 4
The Cactus Malware is associated with Lockbit. Cactus is a malicious software (malware) known for its destructive capabilities, particularly in the form of ransomware attacks. It primarily infiltrates systems through suspicious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting operations, or... | Unspecified | 4
The HELLOKITTY Malware is associated with Lockbit. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat... | Unspecified | 3
The Locker Ransomware Malware is associated with Lockbit. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve... | Unspecified | 3
The malware Conti, Lockbit is associated with Lockbit. | Unspecified | 3
The QakBot Malware is associated with Lockbit. Qakbot is a potent piece of malware, or malicious software, that infiltrates computer systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware, built by various groups includin... | Unspecified | 3
The National Hazard Agency Malware is associated with Lockbit. The National Hazard Agency is a newly identified malware group reportedly led by a man in his 20s from Ukraine. This malicious software, or malware, is designed to infiltrate and damage computer systems, often without the user's knowledge. The group uses suspicious downloads, emails, or websites to... | Unspecified | 3
The Bablock Malware is associated with Lockbit. BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h... | is related to | 3
The Raspberry Robin Malware is associated with Lockbit. Raspberry Robin is a sophisticated piece of malware that uses a variety of tactics to infiltrate and exploit computer systems. It employs the CPUID instruction to conduct several checks, enabling it to assess the system's characteristics and vulnerabilities. Furthermore, Raspberry Robin has been obs... | Unspecified | 3
The Ragnar Locker Malware is associated with Lockbit. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans... | Unspecified | 3
The Karakurt Malware is associated with Lockbit. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a... | Unspecified | 3
The Lockbit V3 Malware is associated with Lockbit. LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emai... | is related to | 3
The Ghost Malware is associated with Lockbit. "Ghost" refers to a sophisticated malware network that was discovered and dismantled in 2020 following a two-year investigation led by Europol and global law enforcement agencies. The network, also known as the Stargazers Ghost Network, was found to be operating through GitHub accounts, distributing... | is related to | 3
The Conti Encryptor Malware is associated with Lockbit. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s... | Unspecified | 3
The Phobos Malware is associated with Lockbit. Phobos is a type of malware, specifically ransomware, that has been causing significant cybersecurity concerns. Ransomware is a malicious software that infects systems, often without the user's knowledge, via suspicious downloads, emails, or websites. Once inside, it can disrupt operations and hold... | Unspecified | 3
The Pegasus Malware is associated with Lockbit. Pegasus is a sophisticated malware developed by the Israeli company, NSO Group. It is a zero-click espionage tool that can be deployed without user interaction, making it highly effective and intrusive. The spyware was used to target various individuals, including Russian journalist Galina Timchenko... | Unspecified | 2
The Darkrace Malware is associated with Lockbit. DarkRace, a variant of malware known as ransomware, first appeared in mid-2023 and was identified as a significant threat by cybersecurity firm Cyble. The malware employs a strategy of double extortion, not only encrypting the victim's files and demanding a ransom for their decryption, but also thre... | Unspecified | 2
The Gazprom Malware is associated with Lockbit. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c... | Unspecified | 2
The Trigona Malware is associated with Lockbit. Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope... | Unspecified | 2
The Werewolves Malware is associated with Lockbit. The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023... | Unspecified | 2
The TrickBot Malware is associated with Lockbit. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev,... | Unspecified | 2
The Threeam Malware is associated with Lockbit. ThreeAM, a developing ransomware group, was first tracked by GRIT in September 2023. The threat actor responsible initially attempted to deploy the LockBit ransomware encryptor but resorted to using ThreeAM ransomware after the former failed. This shift in strategy came in light of recent law enforc... | Unspecified | 2
The Xworm Malware is associated with Lockbit. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati... | Unspecified | 2
The WastedLocker Malware is associated with Lockbit. WastedLocker is a sophisticated malware developed by the Evil Corp Group, a notorious cybercriminal organization. This malware is a form of ransomware that targets both Windows and Android devices, encrypting users' data and demanding a ransom for its release. Originating in 2020, WastedLocker utili... | Unspecified | 2
The Redline Malware is associated with Lockbit. Redline is a notorious malware, known for its infostealing capabilities and widespread usage among cybercriminals. It is designed to steal personal data from victims' devices, including usernames, passwords, saved form data like addresses, email addresses, phone numbers, and cryptocurrency wallets.... | Unspecified | 2
The Monti Malware is associated with Lockbit. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona... | Unspecified | 2
The Mallox Malware is associated with Lockbit. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co... | Unspecified | 2
The Rhysida Ransomware Malware is associated with Lockbit. The Rhysida ransomware group, a malicious software entity, has been actively launching cyberattacks since May 2023. Their modus operandi involves infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, they exploit and damage the system, st... | Unspecified | 2
The Snatch Malware is associated with Lockbit. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc... | Unspecified | 2
The Emotet Malware is associated with Lockbit. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations,... | Unspecified | 2
The Maze Malware is associated with Lockbit. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release... | Unspecified | 2
The MedusaLocker Malware is associated with Lockbit. MedusaLocker is a potent malware, first observed in 2019, that primarily targets the healthcare sector. It operates as a Ransomware-as-a-Service (RaaS), often using the double extortion method for monetary gain. This ransomware has been particularly effective during periods of disorder and confusion... | Unspecified | 2
The Raccoon Stealer Malware is associated with Lockbit. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacki... | Unspecified | 2
The Blacksuit Malware is associated with Lockbit. BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which i... | Unspecified | 2
The Aukill Malware is associated with Lockbit. AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint pr... | Unspecified | 2
The AsyncRAT Malware is associated with Lockbit. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra... | Unspecified | 2
The malware Hive Raas is associated with Lockbit. | Unspecified | 2
The Lockbit v3.0 Malware is associated with Lockbit. LockBit v3.0 is a malicious software variant, known for its capability to encrypt up to 25,000 files per minute. This potent ransomware was first encountered almost a year ago, and despite not being the fastest of its kind, it poses a significant threat due to the average time required to detect and... | is related to | 2
The cryptolocker Malware is associated with Lockbit. CryptoLocker is a type of malware known as ransomware that emerged as a significant cyber threat in the mid-2010s. This malicious software infiltrates systems through suspicious downloads, emails, or infected websites, often unbeknownst to the user. Once inside, it encrypts the system's files and de... | Unspecified | 2
The Raccoon Malware is associated with Lockbit. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $... | Unspecified | 2
The Lockbit v.3 Malware is associated with Lockbit. LockBit v.3 is a type of malware, specifically ransomware, that poses significant threats to computer systems and devices. It infiltrates systems through dubious downloads, emails, or websites, often without the user's awareness. Once inside, it can steal personal information, disrupt operations, or... | is related to | 2
The WannaCry Malware is associated with Lockbit. WannaCry is a type of malware, specifically ransomware, that had one of the most significant impacts in recent cyber history. It first appeared in May 2017 and was known as the largest ransomware attack at the time. The malicious software exploited vulnerabilities in Windows systems (CVE-2017-0144,... | Unspecified | 2
Associated Threat Actors
Alias / Description | Association Type | Votes
The Alphv Threat Actor is associated with Lockbit. Alphv, a threat actor also known as BlackCat, has been identified as a significant player in the cybercrime landscape. The group is responsible for numerous high-profile ransomware attacks, including a major breach of the Morrison Community Hospital, where they pilfered 5TB of data. Additionally, Al... | is related to | 19
The LockBitSupp Threat Actor is associated with Lockbit. LockBitSupp, a threat actor and the alleged developer of one of the most prolific ransomware variants known as LockBit, has been identified as Russian national Dmitry Yuryevich Khoroshev. Khoroshev, who operated under aliases "LockBit" and "LockBitSupp," began developing the ransomware as early as S... | is related to | 11
The Blackmatter Threat Actor is associated with Lockbit. BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention... | is related to | 9
The Bassterlord Threat Actor is associated with Lockbit. Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Ore... | is related to | 8
The Vasiliev Threat Actor is associated with Lockbit. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl... | Unspecified | 7
The Evil Corp Threat Actor is associated with Lockbit. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe... | is related to | 7
The Artur Sungatov Threat Actor is associated with Lockbit. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti... | is related to | 6
The Wazawaka Threat Actor is associated with Lockbit. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper... | Unspecified | 6
The DarkSide Threat Actor is associated with Lockbit. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across... | Unspecified | 6
The Medusa Threat Actor is associated with Lockbit. Medusa, a prominent threat actor in the cybersecurity landscape, has been increasingly active with its ransomware attacks. The group made headlines in November 2023 when it leveraged a zero-day exploit for the Citrix Bleed vulnerability (CVE-2023-4966), leading to numerous compromises alongside othe... | Unspecified | 6
The Ransomhub Threat Actor is associated with Lockbit. RansomHub, a threat actor group, has emerged as a significant player in the cybersecurity landscape since its inception in February this year. In less than a year, it has risen to become the number one ransomware operation in terms of claimed successful attacks, according to data from Symantec. This... | Unspecified | 6
The Bl00dy Threat Actor is associated with Lockbit. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i... | Unspecified | 5
The Hive Ransomware Threat Actor is associated with Lockbit. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e... | Unspecified | 5
The Mikhail Matveev Threat Actor is associated with Lockbit. Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notor... | Unspecified | 5
The Rhysida Threat Actor is associated with Lockbit. Rhysida, a threat actor active since May 2023, has been responsible for numerous high-profile ransomware attacks. The group is known for its use of various ransomware families, including BlackCat, Hello Kitty, Quantum Locker, Rhysida, Zeppelin, and its own eponymous program, to aid in double extorti... | Unspecified | 4
The Ivan Kondratyev Threat Actor is associated with Lockbit. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside... | is related to | 4
The Mikhail Pavlovich Matveev Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of... | Unspecified | 4
The Uhodiransomwar Threat Actor is associated with Lockbit. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa... | Unspecified | 4
The Dmitry Yuryevich Khoroshev Threat Actor is associated with Lockbit. Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, Russia, is identified as a significant threat actor in the cybersecurity landscape. Known by the alias "LockBitSupp," Khoroshev has been revealed as the creator, developer, and administrator of LockBit, a notorious ransomware group. His i... | Unspecified | 4
The Qilin Threat Actor is associated with Lockbit. Qilin, a threat actor known for its malicious activities in the cyberspace, has been on the rise with an increase in victim count by 44% reaching 140 in Q3. This group is part of the Octo Tempest group which recently added RansomHub and Qilin ransomware to its arsenal, enhancing its capabilities to... | Unspecified | 4
The Vice Society Threat Actor is associated with Lockbit. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe... | Unspecified | 4
The Lapsus Threat Actor is associated with Lockbit. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor... | Unspecified | 3
The Sodinokibi Threat Actor is associated with Lockbit. Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st... | Unspecified | 3
The Boriselcin Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari... | Unspecified | 3
The Blackbyte Threat Actor is associated with Lockbit. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. This... | Unspecified | 3
The threatActor Newwave110 is associated with Lockbit. | Unspecified | 2
The Gandcrab Threat Actor is associated with Lockbit. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv... | Unspecified
2
The Black Cat Threat Actor is associated with Lockbit. Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat Unspecified
2
The 8base Threat Actor is associated with Lockbit. 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base oUnspecified
2
The Gold Blazer Threat Actor is associated with Lockbit. GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors areUnspecified
2
The RansomedVC Threat Actor is associated with Lockbit. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operatUnspecified
2
The Bianlian Threat Actor is associated with Lockbit. BianLian is a prominent threat actor that has been actively exploiting vulnerabilities in JetBrains TeamCity, leading to several ransomware attacks. This group has made significant strides in the cybersecurity landscape, making its mark as one of the top three ransomware groups targeting the healthcUnspecified
2
The FIN7 Threat Actor is associated with Lockbit. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
The Hunters International Threat Actor is associated with Lockbit. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of Unspecified
2
The Cosmicbeetle Threat Actor is associated with Lockbit. CosmicBeetle, also known as NoName, is a threat actor that has been active since 2020. ESET researchers have recently published an in-depth analysis of this cybercrime group's activities. Despite the crude and clumsy nature of its operations, CosmicBeetle has managed to compromise various targets woUnspecified
2
The M1x Threat Actor is associated with Lockbit. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specificalUnspecified
2
The Kimsuky Threat Actor is associated with Lockbit. Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked Advanced Persistent Threat (APT) group first identified by Kaspersky researchers in 2013. The group has been involved in various cyber espionage activities against global targUnspecified
2
The Akira Ransomware Gang Threat Actor is associated with Lockbit. The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government Unspecified
2
The Colonel Cassad Threat Actor is associated with Lockbit. Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and LuhaUnspecified
2
The Ghostrider Threat Actor is associated with Lockbit. Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of disUnspecified
2
Associated Vulnerabilities
Alias description | Association type | Votes
The Citrix Bleed Vulnerability is associated with Lockbit. Citrix Bleed, officially designated as CVE-2023-4966, is a significant software vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. This flaw in software design or implementation allows for sensitive information disclosure and has been assigned a high severity rating with a… | Targets | 9
The CVE-2023-4966 Vulnerability is associated with Lockbit. CVE-2023-4966, also known as "Citrix Bleed," is a critical zero-day vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. Discovered in 2023, this flaw in software design or implementation allows sensitive information disclosure, with a high severity rating of 9.4 on the Commo… | Unspecified | 6
The CVE-2023-20269 Vulnerability is associated with Lockbit. CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of… | Unspecified | 5
The CVE-2023-3824 Vulnerability is associated with Lockbit. CVE-2023-3824 is a critical vulnerability that resides in the PHP software. This flaw in software design or implementation was exposed and exploited, leading to significant cybersecurity implications. This vulnerability became notably prominent following its exploitation during the resurgence of the… | Unspecified | 5
The Lockbit's Ghost Vulnerability is associated with Lockbit. | Unspecified | 2
The CVE-2023-27350 Vulnerability is associated with Lockbit. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda… | Unspecified | 2
The CVE-2023-27351 Vulnerability is associated with Lockbit. | Unspecified | 2
The CVE-2024-1708 Vulnerability is associated with Lockbit. CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise d… | Unspecified | 2
The CVE-2024-1709 Vulnerability is associated with Lockbit. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response… | Unspecified | 2
Source Document References
Information about the Lockbit Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
ESET | a day ago
ESET | a day ago
Securityaffairs | a day ago
BankInfoSecurity | 7 days ago
DARKReading | 8 days ago
InfoSecurity-magazine | 14 days ago
Trend Micro | 14 days ago
BankInfoSecurity | 14 days ago
Securelist | 12 days ago
BankInfoSecurity | 12 days ago
InfoSecurity-magazine | 16 days ago
BankInfoSecurity | 16 days ago
BankInfoSecurity | 20 days ago
BankInfoSecurity | 21 days ago
InfoSecurity-magazine | 23 days ago
BankInfoSecurity | 24 days ago
Securityaffairs | 25 days ago
BankInfoSecurity | a month ago
InfoSecurity-magazine | a month ago
DARKReading | a month ago