Lockbit3

Malware Profile Updated 12 days ago
LockBit3 is a prominent malware that has been significantly active in the cyber threat landscape. In the first half of 2023, it was reported as the most active among 48 ransomware groups, breaching over 2,200 victims. This represented a 20% increase in victims compared to the same period in 2022. The malware typically infiltrates systems through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit3 group often uses techniques such as emailing ransomware as a compressed attachment or transferring it over HTTP/S.

However, despite its heightened activity in early 2023, LockBit3 experienced a significant decline in public extortion from the start of the year. By April, there was a 55% drop in its global impact, reducing its ranking from 20% to 9% among ransomware groups. But this downturn didn't last long. After a period of disruption, the LockBit3 ransomware group's activity resurged, accounting for 33% of ransomware attacks.

By June 2024, Check Point Research highlighted a shift in the Ransomware-as-a-Service (RaaS) landscape. Despite LockBit3's August surge, driven by Cl0p (+Torrents), and maintaining steady numbers with 8base, ALPHV, and Akira, it was surpassed by RansomHub, which took the top spot as the most prevalent ransomware group. While LockBit3 remains a significant threat, its position in the hierarchy of ransomware groups continues to fluctuate, reflecting the dynamic nature of the cyber threat environment.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
RaaS
Extortion
Windows
Downloader
Associated Malware
ID | Type | Votes | Profile Description
Akira | Unspecified | 1 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Clop | Unspecified | 1 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
Associated Threat Actors
ID | Type | Votes | Profile Description
Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Ransomhub | Unspecified | 1 | RansomHub, a threat actor known for executing actions with malicious intent, has recently been linked to several high-profile cyber-attacks. The group is recognized for its ransomware attacks, which have resulted in significant data breaches at multiple companies. Christie, a prominent organization,
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lockbit3 Malware was read from the documents corpus below.
Source | Created At | Title
Checkpoint | 12 days ago | 15th July – Threat Intelligence Report - Check Point Research
Checkpoint | a month ago | 17th June – Threat Intelligence Report - Check Point Research
Checkpoint | 2 months ago | 13th May – Threat Intelligence Report - Check Point Research
CERT-EU | 10 months ago | Massive Surge in Cyber Attacks Targeting Real Estate and Utilities Organizations
CERT-EU | 10 months ago | An 8% Spike In Cyber Attacks
CERT-EU | 8 months ago | Citrix Bleed Vulnerability: SafeBreach Coverage for US-CERT Alert (AA23-325A)