Locker Ransomware

Malware updated 4 months ago (2024-05-04T18:17:57.841Z)
Locker ransomware is a class of malware that poses significant risk to computer systems and data. Unlike crypto-ransomware, which encrypts user data, locker ransomware locks users out of their devices entirely and demands a ransom payment to restore access, without any data encryption. The threat has evolved over time: hybrid variants have emerged that combine elements of both encrypting and locker ransomware. One such variant is the Dagon Locker ransomware, recently analyzed by The DFIR Report, in which the attackers leveraged AWS knowledge for internal movement within an AWS account and for data exfiltration. The Rorschach locker ransomware, named for its varied appearances, is partly autonomous and self-propagating and employs hybrid cryptography. Instead of encrypting entire files it encrypts only parts of them, which lets it operate at high speed: in tests conducted by Check Point, Rorschach encrypted 22,000 files in an average of four minutes and 30 seconds. Ragnar Locker ransomware, operational since December 2019, is considered one of the most dangerous because of its attacks on critical infrastructure worldwide. The final stage of a Ryuk attack is another example of the hybrid pattern: after compromising the environment and extracting valuable data, the attackers use locker ransomware to lock the machine while files are encrypted in the background.

Mitigating locker ransomware risk starts with awareness of the usual entry points, such as phishing attacks and unsafe browsing habits. Recommended preventive measures include multi-factor authentication (MFA), regular system monitoring and patching, a data backup and recovery plan, and network segmentation. Proactive defense is therefore crucial to preventing locker ransomware infiltration.
Description last updated: 2024-05-04T17:42:36.113Z
Aliases: none currently tracked.
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:
Ransomware
Linux
ESXi
Malware
Ransom
Associated Malware
ID (Type, Votes): Profile Description
LockBit (Unspecified, 3 votes): LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
AuKill (Unspecified, 2 votes): AuKill, also known as AvNeutralizer, is a malicious software developed by the notorious cybercrime group FIN7 (also known as Carbanak, Carbon Spider, Cobalt Group, Navigator Group). The development of this anti-security tool began in April 2022. AuKill was specifically designed to undermine endpoint
Babuk (Unspecified, 2 votes): Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc
Associated Threat Actors
ID (Type, Votes): Profile Description
Medusa (Unspecified, 4 votes): Medusa, a malicious threat actor known for its ransomware attacks, has been increasingly active and dangerous. This group was responsible for a significant rise in data leaks and multi-extortion activities throughout 2023. Medusa, along with other ransomware groups like LockBit and ALPHV (BlackCat),
Source Document References
Information about the Locker Ransomware malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created): Title
Securityaffairs (a year ago): AuKill tool uses BYOVD attack to disable EDR software
Quick Heal Technologies Ltd. (a year ago): MedusaLocker Ransomware: An In-Depth Technical Analysis and Prevention Strategies
CERT-EU (a year ago): Flaw in Microsoft Process Explorer under active attack
CERT-EU (8 months ago): Ransomware gang targets nonprofit providing clean water to world’s poorest | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (a year ago): Crooks abuse Microsoft Windows driver to infect victims
DARKReading (a year ago): 'AuKill' Malware Hunts & Kills EDR Processes
CERT-EU (a year ago): AuKill - A Malware That Kills EDR Clients To Attack Windows Systems
CERT-EU (a year ago): Ransomware Attacks Increasingly Using AuKill Malware to Disable EDR – Gridinsoft Blogs | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU (8 months ago): Cloud 2024: SaaS nightmares, API security boom and the impending cloud ‘identity crisis’
CERT-EU (8 months ago): Examples of Past and Current Attacks | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (8 months ago): Top 10 Notorious Ransomware Gangs of 2023 | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (9 months ago): Defend Against Cyber Threats: Understanding Each Ransomware Type
Recorded Future (2 years ago): 2022 Adversary Infrastructure Report
Securityaffairs (a year ago): Researchers found the first Linux variant of the RTM locker
CERT-EU (a year ago): The Seven Phases of a Ransomware Attack: A Step-by-Step Breakdown of the Attack Lifecycle
CERT-EU (a year ago): RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
MITRE (2 years ago): CONTInuing the Bazar Ransomware Story
CERT-EU (a year ago): Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow
InfoSecurity-magazine (a year ago): RTM Locker Ransomware Targets Linux Architecture
CERT-EU (a year ago): AresLoader Malware Attacking Citrix Users Through Malicious GitLab Repo