Lockbit Black

Malware Profile Updated 12 days ago
LockBit Black, also known as LockBit 3.0, is malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red), in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The developers behind LockBit have consistently worked on improving the ransomware over time, and LockBit Black shares similarities with other notable ransomware such as BlackMatter and Alphv (also known as BlackCat).

In a significant turn of events, a LockBit affiliate leaked the LockBit Black builder code in September 2022 after a disagreement with the group's owners. This leak has allowed multiple cybercrime groups to use the builder code to customize their ransomware tooling and launch their own attacks. For instance, cybersecurity company Cyble has reported that DragonForce, a cybercriminal group, uses a ransomware binary based on LockBit Black in its attacks.

The Phorpiex botnet, a notorious source of spam and malware distribution, has played a crucial role in the propagation of LockBit Black. It has sent millions of phishing emails to deliver the ransomware, marking a significant malspam campaign. This was highlighted in Check Point Research's Global Threat Index for May 2024. Furthermore, a new LockBit Black campaign was observed, according to a report by Cyber NJ, further emphasizing the persistent threat posed by this malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Lockbit | 11 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Blackmatter | 5 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| Lockbit Red | 4 | LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per |
| Lockbit Green | 3 | LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro |
| Lockbit V3 | 3 | LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emai |
| LockBitSupp | 2 | LockBitSupp, also known as LockBit and putinkrab, is a notorious threat actor responsible for creating and operating one of the most prolific ransomware variants. The individual behind this persona, Dmitry Yuryevich Khoroshev, has been actively involved in ransomware attacks against organizations fo |
| Alphv | 2 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Dragonforce | 2 | DragonForce is a potent malware identified by cybersecurity researchers in November 2023, known for its ransomware attacks. The malicious software is named after the Malaysian hacktivist group DragonForce, which has been active since at least 2021 and has targeted various government agencies and org |
| Buhti | 1 | Buhti is a malicious software, or malware, that was first highlighted by Palo Alto Networks Unit 42 in February 2023. It is a Golang ransomware targeting Linux systems. The Buhti ransomware operation was further detailed by Symantec’s Threat Hunter Team in May of the same year. Its payload included |
| Buthtiransom | 1 | None |
| Black Cat | 1 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Malware
Payload
Botnet
Phishing
Cybercrime
Ransomware P...
Windows
Esxi
Macos
Chrome
Huntress
Acrobat
Rat
Known Exploi...
Apt
Exploit
Zero Day
RaaS
Trojan
Reconnaissance
Evasive
Encryption
Extortion
Breachforums
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Conti | Unspecified | 3 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Phorpiex | Unspecified | 2 | Phorpiex is a notorious malware that has been identified as a substantial threat in the cyber landscape. This malicious software, designed to exploit and damage systems, infiltrates unsuspecting users' devices through suspicious downloads, emails, or websites. Once inside, it can cause significant h |
| Black Basta | Unspecified | 2 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Xworm | Unspecified | 1 | XWorm is a multi-functional malware that provides threat actors with remote access capabilities, has the potential to spread across networks, exfiltrate sensitive data, and download additional payloads. It was observed exploiting ScreenConnect vulnerabilities, a client software used for remote syste |
| AsyncRAT | Unspecified | 1 | AsyncRAT is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Once the executable loads http_dll.dll, the DL |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| DarkSide | Unspecified | 2 | DarkSide is a notable threat actor that emerged in the cybersecurity landscape with its advanced ransomware operations. In 2021, the group gained significant attention for its attack on the United States' largest oil pipeline, Colonial Pipeline, causing a temporary halt to all operations for three d |
| Bl00dy | Unspecified | 2 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i |
| FIN7 | Unspecified | 2 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
| Tornado Cash | Unspecified | 1 | Tornado Cash, a known threat actor in the cybersecurity landscape, has been under the spotlight for its illicit activities. The group is associated with various malicious intents and actions, ranging from a single person to a private company or even part of a government entity. In recent times, it h |
| Black Matter | Unspecified | 1 | None |
| Vice Society | Unspecified | 1 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| The Bl00dy Ransomware Gang | Unspecified | 1 | The Bl00dy ransomware gang, a threat actor that began operations in May 2022, is known for its malicious activities, which include exploiting vulnerabilities and using double extortion techniques against targeted organizations. This group has been observed to leverage the ScreenConnect Remote Code E |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
No associations to display
Source Document References
Information about the Lockbit Black Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| InfoSecurity-magazine | 10 days ago | Understanding NullBulge, the New AI-Fighting ‘Hacktivist’ Group |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| BankInfoSecurity | 21 days ago | New Zealand Fitness Retailer Hit By DragonForce Ransomware |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Checkpoint | a month ago | 17th June – Threat Intelligence Report - Check Point Research |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware |
| InfoSecurity-magazine | 3 months ago | DragonForce Ransomware Group Uses LockBit’s Leaked Builder |
| CERT-EU | 5 months ago | LOCKBIT 3.0 Ransomware - Complete Malware Analysis Report \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers |
| CERT-EU | 5 months ago | Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks |
| InfoSecurity-magazine | 5 months ago | Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics |
| Trend Micro | 5 months ago | Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities |
| CERT-EU | 5 months ago | Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware |