Lockbit Black

Malware updated a month ago (2024-09-11T19:18:10.328Z)
LockBit Black, also known as LockBit 3.0, is malicious software that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red), in mid-2021. The malware was developed to exploit and damage computer systems by encrypting files, often leading to ransom demands for data restoration. This advanced ransomware shares similarities with other notable malware such as BlackMatter and Alphv (also known as BlackCat), indicating the developer's consistent efforts to enhance its destructive capabilities.

LockBit Black was primarily distributed through the Phorpiex botnet, which sent millions of phishing emails containing the ransomware. These campaigns used tools like Async RAT and Xworm before delivering LockBit payloads built with a leaked LockBit Black builder. In addition, the CosmicBeetle group used the same builder to generate custom samples featuring a ransom note in Turkish, further demonstrating the wide-ranging use of this malware.

In September 2022, an affiliate of LockBit leaked the LockBit Black builder code due to a disagreement with the group's owners. This led multiple cybercrime groups to use the builder code to customize their own ransomware tooling and launch attacks. According to cybersecurity company Cyble, DragonForce, another cybercrime group, used a ransomware binary based on the LockBit Black ransomware in its attacks, highlighting the pervasive influence of LockBit Black in the cyber threat landscape.
Description last updated: 2024-09-11T19:16:51.674Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Blackmatter is a possible alias for Lockbit Black. BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention | 5 |
| Lockbit Red is a possible alias for Lockbit Black. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per | 4 |
| Lockbit Green is a possible alias for Lockbit Black. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro | 3 |
| Lockbit V3 is a possible alias for Lockbit Black. LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emai | 3 |
| Dragonforce is a possible alias for Lockbit Black. DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resource | 2 |
| Alphv is a possible alias for Lockbit Black. AlphV, also known as BlackCat, is a notable threat actor that has been operational since November 2021. This group has pioneered the public leaks business model in the realm of ransomware attacks and has been associated with significant cybercrimes. It is particularly infamous for its attack on Morr | 2 |
| LockBitSupp is a possible alias for Lockbit Black. LockBitSupp, also known as Dmitry Yuryevich Khoroshev, is a Russian national who has been identified as the leader and key developer behind the prolific ransomware variant, LockBit. From as early as September 2019 through to 2024, Khoroshev was involved in recruiting new affiliate members, speaking | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Malware
Payload
Ransomware P...
Cybercrime
Windows
Botnet
Phishing
Associated Malware
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Lockbit Malware is associated with Lockbit Black. LockBit is a notorious malware that has been involved in several high-profile ransomware incidents, including attacks on Boeing, London Drugs, Ontario hospitals, and Accenture. The malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user | is related to | 12 |
| The Conti Malware is associated with Lockbit Black. Conti is a type of malware, specifically a ransomware, that infiltrates computer systems to exploit and damage them. It was commonly used in cyberattacks by ITG23, a cybercriminal group which also used other malware like Trickbot and BazarLoader. The Conti ransomware was known for its sophisticated | Unspecified | 3 |
| The Black Basta Malware is associated with Lockbit Black. Black Basta is a notorious malware and ransomware group known for its high-profile attacks on various sectors. The group, also known as Storm-0506, has been active since at least early 2022 and has accumulated over $107 million in Bitcoin ransom payments. It deploys malicious software to exploit vul | Unspecified | 2 |
| The Phorpiex Malware is associated with Lockbit Black. Phorpiex is a prominent malware that has been known to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Phorpiex is particular | Unspecified | 2 |
Associated Threat Actors
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Bl00dy Threat Actor is associated with Lockbit Black. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i | Unspecified | 2 |
| The DarkSide Threat Actor is associated with Lockbit Black. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 2 |
| The FIN7 Threat Actor is associated with Lockbit Black. FIN7, also known as Carbanak, is a Russian cybercrime group that has been active since mid-2015. They are known for their malicious activities primarily targeting the restaurant, gambling, and hospitality industries in the United States to harvest financial information which is then used in attacks | Unspecified | 2 |