สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Report

Home > List all groups > List all tools > List all groups using tool LockBit

Threat Group Cards: A Threat Actor Encyclopedia

Tool: LockBit

Names	LockBit ABCD Ransomware LockBit Black Syrphid
Category	Malware
Type	Ransomware, Big Game Hunting, Reconnaissance, Remote command
Description	(Kaspersky) LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations. As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally with some of the following threats: • Operations disruption with essential functions coming to a sudden halt. • Extortion for the hacker’s financial gain. • Data theft and illegal publication as blackmail if the victim does not comply.
Information	<https://www.kaspersky.com/resource-center/threats/lockbit-ransomware> <https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/> <https://arstechnica.com/information-technology/2020/05/lockbit-the-new-ransomware-for-hire-a-sad-and-cautionary-tale/> <https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/> <https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/> <https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/> <https://www.prodaft.com/m/reports/LockBit_Case_Report___TLPWHITE.pdf> <https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/> <https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees> <https://www.bankinfosecurity.com/ransomware-lockbit-20-borrows-ryuk-egregors-tricks-a-17335> <https://www.cybereason.com/blog/cybereason-vs.-lockbit2.0-ransomware> <https://www.deepinstinct.com/blog/lockbit-2-0-ransomware-becomes-lockfile-ransomware-with-a-never-before-seen-encryption-method> <https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool> <https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html> <https://www.ic3.gov/Media/News/2022/220204.pdf> <https://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.htmlhttps://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html> <https://www.malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt> <https://unit42.paloaltonetworks.com/lockbit-2-ransomware/> <https://www.trendmicro.com/en_us/research/22/f/conti-vs-lockbit-a-comparative-analysis-of-ransomware-groups.html> <https://www.csoonline.com/article/3665871/lockbit-explained-how-it-has-become-the-most-popular-ransomware.html> <https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom> <https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/> <https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html> <https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit> <https://asec.ahnlab.com/en/41450/> <https://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know> <https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/> <https://asec.ahnlab.com/en/47739/> <https://www.fortinet.com/blog/threat-research/emerging-lockbit-campaign> <https://thehackernews.com/2023/03/the-prolificacy-of-lockbit-ransomware.html> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a> <https://securelist.com/crimeware-report-lockbit-switchsymb/110068/> <https://www.fortinet.com/blog/threat-research/lockbit-most-prevalent-ransomware> <https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3> <https://therecord.media/lockbit-knockoffs-proliferate-leaked-toolkit> <https://asec.ahnlab.com/en/58750/> <https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html> <https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version/technical-appendix-lockbit-ng-dev-analysis.pdf> <https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/> <https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/> <https://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/> <https://therecord.media/new-hacker-group-lockbit-target-russia> <https://www.darkreading.com/vulnerabilities-threats/what-lockbit-leak-reveals-raas-groups>
Malpedia	<https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit>
AlienVault OTX	<https://otx.alienvault.com/browse/pulses?q=tag:lockbit>
Playbook	<https://pan-unit42.github.io/playbook_viewer/?pb=lockbit20-ransomware>

Last change to this tool card: 16 August 2025

Download this tool card in JSON format

Previous: LOADOUT
Next: LockerGoga

All groups using tool LockBit

Changed	Name	Country	Observed
APT groups
	LockBit Gang	[Unknown]	2019-May 2025

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Report incidents

+66 (0)2-123-1227

[email protected]