Lockfile

Malware Profile Updated 24 days ago
LockFile is malware that has been linked to ransomware activity. It can infiltrate a system via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom.

Analysis of the PlugX sample associated with LockFile suggests that it may be connected to Chinese threat group activity. Other samples, such as HUI Loader, which loads the Cobalt Strike Beacon, have also been linked to LockFile. The links between LockFile, HUI Loader, and a specific sub-version of PlugX suggest that the threat group responsible for the ransomware activity connected to HUI Loader may have access to malware developed by Chinese government-sponsored groups. Under BRONZE STARLIGHT, LockFile operates as a traditional ransomware scheme, while a name-and-shame model has been adopted for other ransomware operations.

Notably, some types of ransomware, including LockFile, only partially encrypt a file, especially if it is very large. This method of intermittent encryption is used to evade detection. LockFile has also been observed using the PetitPotam exploit to compromise Windows Domain Controllers, adding another layer of complexity to its operations.

To combat this threat, Avast has released a decryptor tool specifically designed for Atom Silo and LockFile ransomware. Heimdal™ Security also offers an integrated cybersecurity suite featuring a Ransomware Encryption Protection module that is universally compatible with any antivirus solution. This module is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, including recent ones like LockFile. Despite these countermeasures, the exact number and nature of LockFile victims remain unclear.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Encryption
Malware
Ransomware
Source Document References
Information about the Lockfile Malware was read from the documents corpus below. This display is limited to 20 results.

Source | Created At | Title
Secureworks | a year ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader
MITRE | 6 months ago | RotaJakiro: A long live secret backdoor with 0 VT detection
DARKReading | a year ago | Free Tool Unlocks Some Encrypted Data in Ransomware Attacks
CERT-EU | 9 months ago | What Is Double Extortion Ransomware?
CERT-EU | 7 months ago | How does Ransomware work? - Ransomware Help & Tech Support
CERT-EU | 10 months ago | 200+ Free Ransomware Decryption Tools You Need [2022 List]