Lockbit Green

Malware Profile Updated a month ago
LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The group became the most active ransomware entity in 2023, responsible for the majority of ransomware attacks. In some instances, victims were infected with as many as three different strains of LockBit (LockBit 2.0/Red, LockBit 3.0/Black, and LockBit Green).

The latest variant, "LockBit Green," was released in January 2023. Initially, the LockBit team promoted it as a significant new version. However, security professionals quickly debunked this claim, finding that LockBit Green was essentially a rebranded version of a Conti encryptor. This appeared to be a strategic move by the group, which had been known for releasing a major new version each year.

Despite the controversy surrounding its release, LockBit Green, along with other versions such as LockBit 2.0, LockBit 3.0, and LockBit Linux-ESXi Locker, remains available for affiliates' use on LockBit's panel. The ransomware group continues to pose a significant threat, with its malware capable of disrupting operations, stealing personal information, and holding data hostage for ransom.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Lockbit | 8 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi |
| Conti | 6 | Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S |
| Conti Encryptor | 3 | Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s |
| Lockbit Black | 3 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022 as the third version of the LockBit group's ransomware. The developer has consistently worked to improve this malicious software, with the previous version, LockBit 2.0 (also known as LockBit Red), being released in mi |
| Lockbit Red | 2 | LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Macos
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Conti's Ransomware | Unspecified | 2 | None |
Source Document References
Information about the Lockbit Green Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| InfoSecurity-magazine | a month ago | DragonForce Ransomware Group Uses LockBit’s Leaked Builder |
| Malwarebytes | a year ago | LockBit ransomware on Mac: Should we worry? |
| CERT-EU | 10 months ago | Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow |
| Securityaffairs | a year ago | LockBit Green ransomware variant borrows code from Conti one |
| CERT-EU | 3 months ago | Operation Cronos: Who Are the LockBit Admins |
| Fortinet | 10 months ago | Meet LockBit: The Most Prevalent Ransomware in 2022 \| FortiGuard Labs |
| CERT-EU | a year ago | New LockBit variant targets MacOS, another relies on Conti source code |
| CISA | a year ago | Understanding Ransomware Threat Actors: LockBit \| CISA |
| BankInfoSecurity | 9 months ago | Why Criminals Keep Reusing Leaked Ransomware Builders |
| Securityaffairs | a year ago | Cybersecurity agencies published a LockBit ransomware advisory |
| CERT-EU | a year ago | LockBit Ransomware Extorts $91 Million from U.S. Companies |
| CERT-EU | 3 months ago | LockBit Taken Down: What Comes Next? - ReliaQuest |
| Flashpoint | 10 months ago | LockBit Ransomware: Inside the World's Most Active Ransomware Group |
| CERT-EU | 10 months ago | Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow |
| CERT-EU | 3 months ago | LockBit ransomware gang has over $110 million in unspent bitcoin |
| Malwarebytes | a year ago | Ransomware review: February 2023 |
| CERT-EU | 3 months ago | LockBit Group Prepared New Crypto-Locker Before Takedown \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| Malwarebytes | 3 months ago | Ransomware in 2023 recap: 5 key takeaways \| Malwarebytes |
| CERT-EU | a year ago | Kaspersky crimeware report: LockBit and phishing |
| CERT-EU | 9 months ago | Lockbit 3.0 Builder Leaked: Anyone Can Blend Ransomware |