ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool LockBit

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: LockBit

NamesLockBit
ABCD Ransomware
LockBit Black
Syrphid
CategoryMalware
TypeRansomware, Big Game Hunting, Reconnaissance, Remote command
Description(Kaspersky) LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations. As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally with some of the following threats:

• Operations disruption with essential functions coming to a sudden halt.
• Extortion for the hacker’s financial gain.
• Data theft and illegal publication as blackmail if the victim does not comply.
Information<https://www.kaspersky.com/resource-center/threats/lockbit-ransomware>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/>
<https://arstechnica.com/information-technology/2020/05/lockbit-the-new-ransomware-for-hire-a-sad-and-cautionary-tale/>
<https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/>
<https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/>
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/>
<https://www.prodaft.com/m/reports/LockBit_Case_Report___TLPWHITE.pdf>
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/>
<https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees>
<https://www.bankinfosecurity.com/ransomware-lockbit-20-borrows-ryuk-egregors-tricks-a-17335>
<https://www.cybereason.com/blog/cybereason-vs.-lockbit2.0-ransomware>
<https://www.deepinstinct.com/blog/lockbit-2-0-ransomware-becomes-lockfile-ransomware-with-a-never-before-seen-encryption-method>
<https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool>
<https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html>
<https://www.ic3.gov/Media/News/2022/220204.pdf>
<https://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.htmlhttps://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html>
<https://www.malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt>
<https://unit42.paloaltonetworks.com/lockbit-2-ransomware/>
<https://www.trendmicro.com/en_us/research/22/f/conti-vs-lockbit-a-comparative-analysis-of-ransomware-groups.html>
<https://www.csoonline.com/article/3665871/lockbit-explained-how-it-has-become-the-most-popular-ransomware.html>
<https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom>
<https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/>
<https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html>
<https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit>
<https://asec.ahnlab.com/en/41450/>
<https://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know>
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/>
<https://asec.ahnlab.com/en/47739/>
<https://www.fortinet.com/blog/threat-research/emerging-lockbit-campaign>
<https://thehackernews.com/2023/03/the-prolificacy-of-lockbit-ransomware.html>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a>
<https://securelist.com/crimeware-report-lockbit-switchsymb/110068/>
<https://www.fortinet.com/blog/threat-research/lockbit-most-prevalent-ransomware>
<https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3>
<https://therecord.media/lockbit-knockoffs-proliferate-leaked-toolkit>
<https://asec.ahnlab.com/en/58750/>
<https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html>
<https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version/technical-appendix-lockbit-ng-dev-analysis.pdf>
<https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/>
<https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/>
<https://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:lockbit>
Playbook<https://pan-unit42.github.io/playbook_viewer/?pb=lockbit20-ransomware>

Last change to this tool card: 19 June 2024

Download this tool card in JSON format

Previous: LOADOUT
Next: LockerGoga

All groups using tool LockBit

ChangedNameCountryObserved

APT groups

XLockBit Gang[Unknown]2019-Oct 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]