Lockbit v3.0

Malware Profile Updated 25 days ago
LockBit v3.0 is a malicious software variant, known for its capability to encrypt up to 25,000 files per minute. This potent ransomware was first encountered almost a year ago, and despite not being the fastest of its kind, it poses a significant threat due to the average time required to detect and mitigate a breach—approximately 280 days. Its primary mode of operation involves exploiting and damaging computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once embedded, LockBit v3.0 can disrupt operations, steal personal information, or hold data hostage for ransom.

Around the same time as the release of LockBit v3.0, another malware, BabLock, emerged. However, our analysis indicates that most of BabLock's structure still resembles LockBit v2.0, leading us to believe that it may originate from a different affiliate or group. The timing of their appearances led to initial speculation about a potential connection between the two entities. However, after nearly a year since the introduction of LockBit v3.0, recent attacks involving BabLock have shown no changes in its payload. This observation strengthens our stance that BabLock and the actual LockBit group are neither connected nor closely affiliated. Despite the similarities in their modus operandi and the coincidental timing of their emergence, these two threats appear to be distinct, each posing unique challenges in cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lockbit | 2 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Associated Malware
ID | Type | Votes | Profile Description
Bablock | Unspecified | 2 | BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lockbit v3.0 Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Why Your Detection-First Security Approach Isn't Working
CERT-EU | a year ago | An Analysis of the BabLock Ransomware
Trend Micro | a year ago | An Analysis of the BabLock Ransomware