Locker Ransomware

Malware updated 7 months ago (2024-05-04T18:17:57.841Z)
Locker ransomware is a class of malware that poses significant risk to computer systems and data. Unlike crypto-ransomware, which encrypts user data, locker ransomware locks users out of their devices entirely and demands a ransom payment to restore access, without encrypting any data. The threat has evolved over time: hybrid variants have emerged that combine elements of both encrypting and locker ransomware.

One such variant is the Dagon Locker Ransomware, recently analyzed by The DFIR Report, whose operators leveraged AWS knowledge for internal movement within an AWS account and for data exfiltration. The Rorschach locker ransomware, named for its varied appearances, is partly autonomous and self-propagating and employs hybrid cryptography. Instead of encrypting entire files, it encrypts only parts of them, which lets it operate at high speed: in tests conducted by Check Point, Rorschach encrypted 22,000 files in an average of four minutes and 30 seconds. Ragnar Locker ransomware, operational since December 2019, is considered one of the most dangerous because of its attacks on critical infrastructure worldwide.

Mitigating locker ransomware risk starts with awareness of the usual entry points, such as phishing attacks and unsafe browsing habits. Recommended preventive measures include multi-factor authentication (MFA), regular system monitoring and patching, a data backup and recovery plan, and network segmentation. The final stage of a Ryuk attack illustrates why these matter: after compromising the environment and extracting valuable data, the attackers deploy locker ransomware to lock the machine while encrypting files in the background. Proactive defense is therefore crucial to preventing locker ransomware infiltration.
Description last updated: 2024-05-04T17:42:36.113Z
Aliases: none currently tracked.

Miscellaneous Associations (other elements of context that could aid in assessing relevance):

- Ransomware
- Linux
- ESXi
- Malware
- Ransom
Associated Malware

| Alias | Description | Association Type | Votes |
| --- | --- | --- | --- |
| LockBit | The LockBit malware is associated with Locker Ransomware. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit… | Unspecified | 3 |
| AuKill | The AuKill malware is associated with Locker Ransomware. AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint pr… | Unspecified | 2 |
| Babuk | The Babuk malware is associated with Locker Ransomware. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio… | Unspecified | 2 |
Associated Threat Actors

| Alias | Description | Association Type | Votes |
| --- | --- | --- | --- |
| Medusa | The Medusa threat actor is associated with Locker Ransomware. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, Citrix Bleed (CVE-2023-4966), leading to numerou… | Unspecified | 4 |
Source Document References

Information about the Locker Ransomware malware was read from the document corpus below (display limited to 20 results).

| Source | Created |
| --- | --- |
| Securityaffairs | 2 years ago |
| Quick Heal Technologies Ltd. | a year ago |
| CERT-EU | 2 years ago |
| CERT-EU | 10 months ago |
| CERT-EU | 2 years ago |
| DARKReading | 2 years ago |
| CERT-EU | 2 years ago |
| CERT-EU | 2 years ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| Recorded Future | 2 years ago |
| Securityaffairs | 2 years ago |
| CERT-EU | a year ago |
| CERT-EU | 2 years ago |
| MITRE | 2 years ago |
| CERT-EU | a year ago |
| InfoSecurity-magazine | 2 years ago |
| CERT-EU | 2 years ago |