Lockbit Red

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal personal information, disrupt operations, or even hold data hostage for ransom. Alongside the release of LockBit Red in June 2021, the developer also introduced StealBit, a tool specifically designed for data exfiltration. The developer behind LockBit has shown consistent efforts in improving the ransomware over time. Following the release of LockBit Red, LockBit 3.0 (also known as LockBit Black) was launched in early 2022. It is highly probable that the group also upgraded its decryption tool during these iterations. Each new version of LockBit, including LockBit Black, LockBit Red, and LockBit Green (based on Conti Source code), came with increased capabilities and potential threats. In January 2023, the most recent version of the ransomware, LockBit Green, was released. This version shares 89% of its code with Conti v3 ransomware, a notorious malware from the now-disbanded Conti gang. Despite being relatively new, LockBit Green has already been used to attack at least five victims. This highlights the escalating threat posed by the continuous evolution of the LockBit ransomware.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Lockbit Black
4
LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The
Lockbit Green
2
LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Esxi
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
LockbitUnspecified
5
LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
ContiUnspecified
2
Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Lockbit Red Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
5 months ago
Operation Cronos: Who Are the LockBit Admins
CERT-EU
5 months ago
LockBit Taken Down: What Comes Next? - ReliaQuest
CISA
a year ago
Understanding Ransomware Threat Actors: LockBit | CISA
Malwarebytes
a year ago
Ransomware review: February 2023
Fortinet
a year ago
Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs
CERT-EU
a year ago
LockBit Ransomware Extorts $91 Million from U.S. Companies
Securityaffairs
a year ago
LockBit Green ransomware variant borrows code from Conti one