Lockbit Red

Malware Profile Updated 24 days ago
LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once inside a system, it could steal personal information, disrupt operations, or hold data hostage for ransom. Alongside the release of LockBit Red in June 2021, the developer also introduced StealBit, a tool specifically designed for data exfiltration.

The developer behind LockBit has consistently worked to improve the ransomware over time. Following the release of LockBit Red, LockBit 3.0 (also known as LockBit Black) was launched in early 2022. It is highly probable that the group also upgraded its decryption tool during these iterations. Each new version of LockBit, including LockBit Black, LockBit Red, and LockBit Green (based on Conti source code), came with increased capabilities and potential threats.

In January 2023, the most recent version of the ransomware, LockBit Green, was released. This version shares 89% of its code with Conti v3 ransomware, a notorious malware from the now-disbanded Conti gang. Despite being relatively new, LockBit Green has already been used to attack at least five victims. This highlights the escalating threat posed by the continuous evolution of the LockBit ransomware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Lockbit Black | 4 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022 as the third version of the LockBit group's ransomware. The developer has consistently worked to improve this malicious software, with the previous version, LockBit 2.0 (also known as LockBit Red), being released in mi |
| Lockbit Green | 2 | LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 5 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi |
| Conti | Unspecified | 2 | Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Lockbit Red Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | a year ago | LockBit Green ransomware variant borrows code from Conti one |
| CERT-EU | 3 months ago | Operation Cronos: Who Are the LockBit Admins |
| Fortinet | 10 months ago | Meet LockBit: The Most Prevalent Ransomware in 2022 \| FortiGuard Labs |
| CISA | a year ago | Understanding Ransomware Threat Actors: LockBit \| CISA |
| CERT-EU | a year ago | LockBit Ransomware Extorts $91 Million from U.S. Companies |
| CERT-EU | 3 months ago | LockBit Taken Down: What Comes Next? - ReliaQuest |
| Malwarebytes | a year ago | Ransomware review: February 2023 |