Lockbit3

Malware Profile Updated 4 days ago
LockBit3 is ransomware, a type of malware that exploits and damages computer systems. It infects systems through methods such as suspicious downloads, emails, and websites, often without the user's knowledge. Once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom.

In the first half of 2023, LockBit3 was reported to be the most active among 48 ransomware groups that breached over 2,200 victims, marking a 20% increase in victims compared to the same period in 2022. Despite this increased activity, LockBit3 saw a significant decline in public extortion from the beginning of 2023. Its global impact dropped by 55%, reducing its ranking among ransomware groups from 20% to 9%. The decrease in public extortion incidents did not halt its operations entirely, as evidenced by a surge in August driven by Cl0p (+Torrents). Meanwhile, other ransomware groups such as 8base with ALPHV and Akira maintained steady numbers.

The transfer and propagation of LockBit3 have been tracked via several methods, primarily email and HTTP/S transfers. The ransomware has been observed being sent as a compressed attachment in emails (#9369, #8967, #8966, and #8140) and transferred over HTTP/S (#9367, #8965, and #8964). Evidence of pre-execution phases of LockBit3 (7a51) ransomware on Windows systems (#8963) and instances of writing the ransomware to disk (#8962) have also been documented.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lockbit3 Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 6 months ago | Citrix Bleed Vulnerability: SafeBreach Coverage for US-CERT Alert (AA23-325A)
Checkpoint | 4 days ago | 13th May – Threat Intelligence Report - Check Point Research
CERT-EU | 7 months ago | Massive Surge in Cyber Attacks Targeting Real Estate and Utilities Organizations
CERT-EU | 8 months ago | An 8% Spike In Cyber Attacks