LockBit

Description

(Kaspersky) LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations. As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally with some of the following threats:

• Operations disruption with essential functions coming to a sudden halt. • Extortion for the hacker’s financial gain. • Data theft and illegal publication as blackmail if the victim does not comply.

Names

Name
LockBit
ABCD Ransomware
LockBit Black
Syrphid

Category

Malware

Type

• Ransomware
• Big Game Hunting
• Reconnaissance
• Remote command

Information

• https://www.kaspersky.com/resource-center/threats/lockbit-ransomware
• https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/
• https://arstechnica.com/information-technology/2020/05/lockbit-the-new-ransomware-for-hire-a-sad-and-cautionary-tale/
• https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/
• https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/
• https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/
• https://www.prodaft.com/m/reports/LockBit_Case_Report___TLPWHITE.pdf
• https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/
• https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees
• https://www.bankinfosecurity.com/ransomware-lockbit-20-borrows-ryuk-egregors-tricks-a-17335
• https://www.cybereason.com/blog/cybereason-vs.-lockbit2.0-ransomware
• https://www.deepinstinct.com/blog/lockbit-2-0-ransomware-becomes-lockfile-ransomware-with-a-never-before-seen-encryption-method
• https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool
• https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html
• https://www.ic3.gov/Media/News/2022/220204.pdf
• https://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.htmlhttps://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html
• https://www.malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt
• https://unit42.paloaltonetworks.com/lockbit-2-ransomware/
• https://www.trendmicro.com/en_us/research/22/f/conti-vs-lockbit-a-comparative-analysis-of-ransomware-groups.html
• https://www.csoonline.com/article/3665871/lockbit-explained-how-it-has-become-the-most-popular-ransomware.html
• https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom
• https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/
• https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant—lockbit-3-.html
• https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit
• https://asec.ahnlab.com/en/41450/
• https://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know
• https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
• https://asec.ahnlab.com/en/47739/
• https://www.fortinet.com/blog/threat-research/emerging-lockbit-campaign
• https://thehackernews.com/2023/03/the-prolificacy-of-lockbit-ransomware.html
• https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a
• https://securelist.com/crimeware-report-lockbit-switchsymb/110068/
• https://www.fortinet.com/blog/threat-research/lockbit-most-prevalent-ransomware
• https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3
• https://therecord.media/lockbit-knockoffs-proliferate-leaked-toolkit
• https://asec.ahnlab.com/en/58750/
• https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
• https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version/technical-appendix-lockbit-ng-dev-analysis.pdf
• https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/
• https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
• https://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/
• https://therecord.media/new-hacker-group-lockbit-target-russia

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:lockbit

Playbook

• https://pan-unit42.github.io/playbook_viewer/?pb=lockbit20-ransomware

Other Information

Uuid

67f3bacc-75ce-46ef-959a-131c6e1fa30e

Last Card Change

2025-06-28