Lokilocker

Malware Profile Updated 3 months ago
LokiLocker is a unique and sophisticated form of malware, specifically a ransomware variant. Ransomware is a type of malicious software that infiltrates systems, often without the user's knowledge, through suspicious downloads, emails, or websites. Once inside, it can disrupt operations, steal personal information, or even hold data hostage for ransom. LokiLocker is unusual in its operation, functioning as a ransomware-as-a-service scheme available only to a select number of affiliates, adding an extra layer of complexity to its deployment and usage.

The LokiLocker ransomware has been observed to be transferred over HTTP/S (#9068, #9069) and also sent via email as a compressed attachment (#9070, #9071). This versatility makes it particularly dangerous as it can infiltrate systems through various channels. In addition, during the pre-execution phase of LokiLocker (#9067), it writes itself to disk (#9066), making it harder to detect and remove once it's on a system.

In response to the emerging threat posed by LokiLocker, SafeBreach has updated their platform with attacks that mimic the behavior of this ransomware variant. This allows customers to validate their security controls against LokiLocker, helping them to better understand potential vulnerabilities and take proactive measures to protect their systems. The continued evolution of malware like LokiLocker underscores the importance of robust cybersecurity measures and the need for constant vigilance in the face of new threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper
RaaS
Ransomware
Windows
Malware
Encryption
Associated Malware
ID | Type | Votes | Profile Description
Ragnarlocker | Unspecified | 1 | RagnarLocker is a type of malware, specifically ransomware, which first emerged in 2021. It is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostag
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lokilocker Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 10 months ago | RagnarLocker Ransomware, LokiLocker Ransomware, and More: Hacker’s Playbook Threat Coverage Round-up: September 27th, 2023
CERT-EU | a year ago | Navigating the ransomware storm | TahawulTech.com | #ransomware | #cybercrime | National Cyber Security Consulting