Locker Ransomware

Malware updated 22 days ago (2024-11-29T14:01:09.068Z)
Download STIX
Preview STIX
Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolved over time, with hybrid ransomware variants emerging that combine elements of both encrypting and locker ransomware. One such variant is the Dagon Locker Ransomware, recently analyzed by The DFIR Report, which demonstrated attackers leveraging AWS knowledge for internal movement within an AWS account and data exfiltration. The Rorschach locker ransomware, named due to its varied appearances, exhibits a partly autonomous, self-propagating nature and employs hybrid cryptography. Instead of encrypting entire files, it encrypts only parts, allowing it to operate at high speeds. In tests conducted by Check Point, Rorschach encrypted 22,000 files in an average of four minutes and 30 seconds. On the other hand, Ragnar Locker ransomware, operational since December 2019, is considered one of the most dangerous due to its attacks on critical infrastructure worldwide. Mitigating locker ransomware risks involves awareness of potential threats like phishing attacks and unsafe browsing habits. Recommended preventive measures include multi-factor authentication (MFA), regular system monitoring and patching, implementing a data backup and recovery plan, and network segmentation. For instance, the final stage of a Ryuk attack involves compromising the environment, extracting valuable data, then using locker ransomware to lock the machine and encrypt files in the background. As such, proactive defense strategies are crucial in preventing locker ransomware infiltration.
Description last updated: 2024-05-04T17:42:36.113Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Linux
Esxi
Malware
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Locker Ransomware. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
3
The Aukill Malware is associated with Locker Ransomware. AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint prUnspecified
2
The Babuk Malware is associated with Locker Ransomware. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatioUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Medusa Threat Actor is associated with Locker Ransomware. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerouUnspecified
4
Source Document References
Information about the Locker Ransomware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
2 years ago
Quick Heal Technologies Ltd.
a year ago
CERT-EU
2 years ago
CERT-EU
a year ago
CERT-EU
2 years ago
DARKReading
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Recorded Future
2 years ago
Securityaffairs
2 years ago
CERT-EU
a year ago
CERT-EU
2 years ago
MITRE
2 years ago
CERT-EU
a year ago
InfoSecurity-magazine
2 years ago
CERT-EU
2 years ago