Lv Ransomware

Malware Profile Updated 3 months ago
LV Ransomware is malicious software designed to exploit and damage computer systems, typically infiltrating them through suspicious downloads, emails, or websites. This ransomware variant, also known as the ".0nzo8yk Virus," was first identified in the wild in June 2020 and is a modified version of the REvil/Sodinokibi v2.03 ransomware. The primary technical change made by the LV Ransomware Gang was the removal of the command-and-control (C2) servers that the REvil operators used to track infections, replacing them with the gang's own servers.

In 2022 there was an increase in cyberattacks on semiconductor companies, with eight reported incidents involving ransomware gangs such as LockBit, LV Ransomware, and Cuba Ransomware, or extortion groups such as RansomHouse and the Lapsus$ Group. These attacks notably impacted semiconductor manufacturing, even though this sub-sector was not listed among the most affected in 2021. Among the victims were SilTerra Malaysia Sdn. Bhd., a Malaysian semiconductor manufacturer, and Semikron, both of which were listed on the LV Blog extortion website operated by LV Ransomware. The LV Ransomware Gang claimed responsibility for stealing significant amounts of data from these companies, announcing on its extortion blog that it had taken 1 TB of data from SilTerra Malaysia and 2 TB from Semikron. Although the specific attack vectors behind these intrusions remain unidentified, the impact and potential threat posed by LV Ransomware remain significant concerns within the cybersecurity community.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Revil/sodinokibi v2.03 | 1 | None
Revil/sodinokibi | 1 | REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Crypter
Encryption
Extortion
RaaS
Malware
Associated Malware
ID | Type | Votes | Profile Description
REvil | Unspecified | 2 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot
Cuba Ransomware | Unspecified | 1 | The Cuba ransomware is a malicious software that first appeared on cybersecurity radars in late 2020 under the name "Tropical Scorpius." It is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once insi
Associated Threat Actors
ID | Type | Votes | Profile Description
GOLD SOUTHFIELD | Unspecified | 1 | Gold Southfield is a threat actor group known for its malicious cyber activities. Secureworks® Counter Threat Unit™ (CTU) researchers have found significant overlaps in the code structure of LV ransomware and REvil, a ransomware operated by Gold Southfield. This suggests that Gold Southfield may hav
Lapsus | Unspecified | 1 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lv Ransomware Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Recorded Future | a year ago | Semiconductor Companies Targeted by Ransomware | Recorded Future
Secureworks | a year ago | LV Ransomware