Lockbit Green

Malware Profile Updated 3 months ago
LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The group became the most active ransomware entity in 2023, responsible for the majority of attacks of this nature. In some instances, victims were infected with as many as three different strains of LockBit (LockBit 2.0/Red, LockBit 3.0/Black, and LockBit Green).

The latest variant, "LockBit Green," was released in January 2023. Initially, it was promoted as a significant new version by the LockBit team. However, security professionals quickly debunked this claim, finding that LockBit Green was essentially a rebranded version of a Conti encryptor. This appeared to be a strategic move by the group, which had been known for releasing a major new version each year.

Despite the controversy surrounding its release, LockBit Green, along with other versions such as LockBit 2.0, LockBit 3.0, and LockBit Linux-ESXi Locker, remains available for affiliates' use on LockBit's panel. The ransomware group continues to pose a significant threat, with their malware capable of disrupting operations, stealing personal information, and holding data hostage for ransom.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Lockbit | 8 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Conti | 6 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Conti Encryptor | 3 | Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s |
| Lockbit Black | 3 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The |
| Lockbit Red | 2 | LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per |
| Water Selkie | 1 | None |
| Lockbit 3.0/black | 1 | None |
| Gold Mystic | 1 | Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
macOS
Ransom
Flashpoint
ESXi
RaaS
Locker
Encryption
Windows
Cybercrime
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Blackmatter | Unspecified | 1 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| LockBitSupp | Unspecified | 1 | LockBitSupp, also known as LockBit and putinkrab, is a notorious threat actor responsible for creating and operating one of the most prolific ransomware variants. The individual behind this persona, Dmitry Yuryevich Khoroshev, has been actively involved in ransomware attacks against organizations fo |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Conti's Ransomware | Unspecified | 2 | None |
Source Document References
Information about the Lockbit Green malware was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| InfoSecurity-magazine | 3 months ago | DragonForce Ransomware Group Uses LockBit’s Leaked Builder |
| CERT-EU | 5 months ago | LOCKBIT 3.0 Ransomware - Complete Malware Analysis Report \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement \| #cybercrime \| #infosec \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | LockBit ransomware gang has over $110 million in unspent bitcoin |
| CERT-EU | 5 months ago | Operation Cronos: Who Are the LockBit Admins |
| CERT-EU | 5 months ago | LockBit Group Prepared New Crypto-Locker Before Takedown \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| BankInfoSecurity | 5 months ago | LockBit Group Prepared New Crypto-Locker Before Takedown |
| CERT-EU | 5 months ago | Have law enforcement agencies disrupted the LockBit group? \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | LockBit Taken Down: What Comes Next? - ReliaQuest |
| Malwarebytes | 5 months ago | Ransomware in 2023 recap: 5 key takeaways \| Malwarebytes |
| CERT-EU | a year ago | Why Criminals Keep Reusing Leaked Ransomware Builders |
| BankInfoSecurity | a year ago | Why Criminals Keep Reusing Leaked Ransomware Builders |
| CERT-EU | a year ago | Lockbit 3.0 Builder Leaked: Anyone Can Blend Ransomware |
| Securityaffairs | a year ago | Cybersecurity agencies published a LockBit ransomware advisory |
| CERT-EU | a year ago | LockBit Ransomware Extorts $91 Million from U.S. Companies |
| Securityaffairs | a year ago | LockBit Green ransomware variant borrows code from Conti one |
| CERT-EU | a year ago | New LockBit variant targets MacOS, another relies on Conti source code |
| Malwarebytes | a year ago | Ransomware review: February 2023 |
| CERT-EU | a year ago | Kaspersky crimeware report: LockBit and phishing |
| CERT-EU | a year ago | Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow |