LockBit (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-05 14:32:54 UTC
There is no description at this point.
2026-01-30 ⋅ LevelBlue ⋅ Evgeny Ananin, Mark Tsipershtein, Nikita Kazymirskyi
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1
LockBit LockBit 2025-09-25 ⋅ Trend Micro ⋅
New LockBit 5.0 Targets Windows, Linux, ESXi
LockBit LockBit 2025-07-31 ⋅ Intrinsec ⋅ CTI Intrinsec
Shadow syndicate infrastructure illumination
AMOS BlackCat Cactus Cicada3301 Clop LockBit PLAY RansomHub Royal Ransom Silence 2025-06-09 ⋅ The
Record ⋅ Daryna Antoniuk
New hacker group uses LockBit ransomware variant to target Russian companies
LockBit DarkGaboon 2025-05-13 ⋅ CSA ⋅ Ahmad Abdillah
Intrusion Insights Straight from Leaked Operator Chats
LockBit LockBit LockBit 2025-04-24 ⋅ Mandiant ⋅ Mandiant
M-Trends 2025 Report
Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit
RansomHub SystemBC Pink Sandstorm 2025-03-13 ⋅ Forescout ⋅ Forescout Research, Sai Molige
New Ransomware Operator Exploits Fortinet Vulnerability Duo
BlackMatter LockBit Mora_001 2025-02-19 ⋅ 0x0d4y ⋅ 0x0d4y
Technical Analysis of Lockbit4.0 Evasion Tales
LockBit 2025-01-27 ⋅ The DFIR Report ⋅ MittenSec, MyDFIR, r3nzsec
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
GhostSocks LockBit SystemBC 2025-01-17 ⋅ Google Cloud Security ⋅ Office of the CISO
Threat Horizons - H1 2025 Threat Horizons Report
FAKEUPDATES Conti Hades LockBit Phoenix Locker RansomHub TRIPLESTRENGTH 2024-12-18 ⋅ Kaspersky
Labs ⋅ Kaspersky
Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
Babuk LockBit Revenge RAT SparkRAT Cyber Alliance Ukrainian Cyber Alliance 2024-07-16 ⋅ Sentinel LABS ⋅ Jim
Walter
NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
AsyncRAT LockBit XWorm Nullbulge 2024-06-05 ⋅ S-RM ⋅ David Broom, Gavin Hull
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data
targeting
BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk 2024-05-07 ⋅ KrebsOnSecurity ⋅ Brian Krebs
U.S. Charges Russian Man as Boss of LockBit Ransomware Group
LockBit 2024-05-07 ⋅ Twitter (@fs0c131y) ⋅ Baptiste Robert
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 1 of 10

Tweets on LockBitSupp
LockBit 2024-05-02 ⋅ calif.io ⋅ Hoang Nguyen, Nhan Huynh, Thai Duong
Dissecting LOCKBIT v3 ransomware
LockBit 2024-04-03 ⋅ Trend Micro ⋅ Christopher Boyton
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
LockBit 2024-02-29 ⋅ ANALYST1 ⋅ Anastasia Sentsova, Jon DiMaggio
LockBit Takedown & Operation Cronos: A Long-Awaited PsyOps Against Ransomware
LockBit LockBit LockBit 2024-02-20 ⋅ National Crime Agency ⋅ National Crime Agency (NCA)
International investigation disrupts the world’s most harmful cyber crime group
LockBit LockBit LockBit 2024-02-20 ⋅ Europol ⋅ Europol
Law enforcement disrupt world’s biggest ransomware operation
LockBit LockBit LockBit 2024-02-20 ⋅ Washington Post ⋅ Leo Sands
‘World’s most harmful’ cybercriminal group disrupted in 11-nation operation
LockBit LockBit LockBit 2024-02-08 ⋅ ANALYST1 ⋅ Anastasia Sentsova, Jon DiMaggio
“This Forum is a Bunch of Communists and They Set Me Up”, LockBit Spills the Tea Regarding Their Recent
Ban on Russian-Speaking Forums
LockBit 2023-12-22 ⋅ PRODAFT ⋅ PRODAFT
Smoke and Mirrors: Understanding The Workings of Wazawaka
Conti Monti Babuk Hive LockBit RagnarLocker Trigona 2023-12-20 ⋅ Sophos X-Ops ⋅ Mark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira LockBit Storm-1567 2023-11-30 ⋅ EchoCTI ⋅ Bilal BAKARTEPE, bixploit
LockBit 3.0 Technical Analysis Report
LockBit 2023-10-03 ⋅ Luca Mella
Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
LockBit LockBit Conti LockBit 2023-09-07 ⋅ PRODAFT ⋅ PRODAFT
PTI-257 (ex-Wizard Spider) - IOCs
LockBit LockBit 2023-07-26 ⋅ Talos ⋅ Nicole Hoffman
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom
2023-06-22 ⋅ Kaspersky Labs ⋅ GReAT
LockBit Green and phishing that targets organizations
LockBit LockBit 2023-06-17 ⋅ Github (EmissarySpider) ⋅ EmissarySpider
ransomware-descendants
Babuk Conti LockBit 2023-06-14 ⋅ CISA ⋅ ANSSI, Australian Cyber Security Centre (ACSC), Bundesamt für Sicherheit in der
Informationstechnik (BSI), Canadian Centre for Cyber Security (CCCS), CERT NZ, FBI, MS-ISAC, NCSC UK, New Zealand National
Cyber Security Centre (NZ NCSC)
Understanding Ransomware Threat Actors: Lockbit
LockBit 2023-05-23 ⋅ loginsoft ⋅ Saharsh Agrawal
Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350
Clop LockBit Silence 2023-05-16 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Russian Hacker “Wazawaka” Indicted for Ransomware
Babuk Hive LockBit LockBit Babuk Hive LockBit 2023-04-19 ⋅ Bleeping Computer ⋅ Bill Toulas
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 2 of 10

March 2023 broke ransomware attack records with 459 incidents
Clop WhiteRabbit BianLian Black Basta BlackCat LockBit Medusa PLAY Royal Ransom 2023-04-18 ⋅ Mandiant ⋅
Mandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive
INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC
WhisperGate 2023-04-14 ⋅ ⋅ GLIMPS ⋅ GLIMPS
Lockbit changes color
LockBit 2023-03-30 ⋅ United States District Court (Eastern District of New York) ⋅ Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit
Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader 2023-02-28 ⋅ Fortinet ⋅ Eliran Voronovitch
Can You See It Now? An Emerging LockBit Campaign
LockBit 2023-02-01 ⋅ Security Affairs ⋅ Pierluigi Paganini
New LockBit Green ransomware variant borrows code from Conti ransomware
Conti LockBit 2023-02-01 ⋅ Seqrite ⋅ Sathwik Ram Prakki
Uncovering LockBit Black’s Attack Chain and Anti-forensic activity
LockBit 2023-01-16 ⋅ ANALYST1 ⋅ Jon DiMaggio
Unlocking Lockbit: A Ransomware Story
LockBit LockBit 2022-11-30 ⋅ Sophos ⋅ Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit 2022-11-08 ⋅ AhnLab ⋅ ASEC
LockBit 3.0 Being Distributed via Amadey Bot
Amadey Gandcrab LockBit 2022-10-18 ⋅ Logpoint ⋅ Anish Bogati, Nilaa Maharjan
Hunting Lockbit Variation
LockBit 2022-10-15 ⋅ vmware ⋅ Dana Behling
LockBit 3.0 Ransomware Unlocked
LockBit 2022-10-11 ⋅ ⋅ AhnLab ⋅ ASEC Analysis Team
From Exchange Server vulnerability to ransomware infection in just 7 days
LockBit MimiKatz 2022-09-22 ⋅ Cyber Geeks ⋅ Vlad Pasca
A Technical Analysis Of The Leaked LOCKBIT 3.0 Builder
LockBit 2022-09-22 ⋅ Medium s2wlab ⋅ Jeong Hyunsik, Yang HuiSeong
Quick Overview of Leaked LockBit 3.0 (Black) builder program
LockBit 2022-08-28 ⋅ BleepingComputer ⋅ Ionut Ilascu
LockBit ransomware gang gets aggressive with triple-extortion tactic
LockBit 2022-08-19 ⋅ nccgroup ⋅ Ross Inman
Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
FAKEUPDATES Cobalt Strike LockBit 2022-08-11 ⋅ SecurityScorecard ⋅ Robert Ames
The Increase in Ransomware Attacks on Local Governments
BlackCat BlackCat Cobalt Strike LockBit 2022-08-10 ⋅ Quick Heal ⋅ Sathwik Ram Prakki
Indian Power Sector targeted with latest LockBit 3.0 variant
LockBit 2022-08-04 ⋅ YouTube (Arda Büyükkaya) ⋅ Arda Büyükkaya
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 3 of 10

LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit 2022-07-28 ⋅ SentinelOne ⋅ James Haughom, Julien Reisdorffer, Júlio Dantas
Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit 2022-07-25 ⋅ Trend Micro ⋅ Byron Gelera, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona,
Nathaniel Gregory Ragasa, Nathaniel Morales
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
BlackMatter LockBit 2022-07-21 ⋅ Sentinel LABS ⋅ Aleksandar Milenkoski, Jim Walter
LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
LockBit 2022-07-20 ⋅ Symantec ⋅ Lahu Khatal, Vishal Kamble
LockBit: Ransomware Puts Servers in the Crosshairs
LockBit 2022-07-18 ⋅ Fortinet ⋅ FortiGuard Labs
Ransomware Roundup: Protecting Against New Variants
LockBit LockBit 2022-07-13 ⋅ ⋅ GLIMPS ⋅ GLIMPS
Lockbit 3.0
BlackMatter DarkSide LockBit 2022-07-10 ⋅ Minerva Labs ⋅ Natalie Zargarov
Lockbit 3.0 AKA Lockbit Black is here, with a new icon, new ransom note, new wallpaper, but less evasiveness?
LockBit 2022-07-07 ⋅ Cybereason ⋅ Cybereason Global SOC Team
THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom
LockBit 2022-07-06 ⋅ Cluster25 ⋅ Cluster25
LockBit 3.0: “Making The Ransomware Great Again”
LockBit 2022-07-05 ⋅ cyble ⋅ Cyble Research Labs
Lockbit 3.0 – Ransomware Group Launches New Version
LockBit 2022-06-24 ⋅ AhnLab ⋅ ASEC
LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
LockBit 2022-06-23 ⋅ Kaspersky ⋅ Danila Nasonov, Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form)
BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker 2022-06-23 ⋅ Kaspersky ⋅ Danila Nasonov,
Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok 2022-06-09 ⋅ Palo Alto Networks Unit 42 ⋅ Abigail
Barr, Amer Elsad, JR Gumarin
LockBit 2.0: How This RaaS Operates and How to Protect Against It
LockBit 2022-06-02 ⋅ Mandiant ⋅ Mandiant Intelligence
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix
Locker WastedLocker 2022-06-02 ⋅ Packt ⋅ packtsecurity
A SecPro Super Issue: Understanding LockBit
LockBit LockBit BITWISE SPIDER 2022-05-23 ⋅ Trend Micro ⋅ Matsugaya Shingo
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1
2022
BlackCat Conti LockBit 2022-05-23 ⋅ Trend Micro ⋅ Trend Micro Research
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 4 of 10

2022 (PDF)
BlackCat Conti LockBit 2022-05-11 ⋅ Kaspersky ⋅ GReAT
New ransomware trends in 2022
BlackCat Conti DEADBOLT DoubleZero LockBit PartyTicket StealBit 2022-05-09 ⋅ Microsoft ⋅ Microsoft 365 Defender
Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon
ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi
HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker
PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT 2022-05-09 ⋅
Microsoft Security ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot 2022-05-06
⋅ ⋅ LeMagIT ⋅ Valéry Rieß-Marchive
Ransomware: LockBit 3.0 Starts Using in Cyberattacks
LockBit 2022-05-06 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader,
CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit 2022-05-05 ⋅ Intel 471 ⋅ Intel 471
Cybercrime loves company: Conti cooperated with other ransomware gangs
LockBit Maze RagnarLocker Ryuk 2022-04-27 ⋅ Sentinel LABS ⋅ James Haughom, Jim Walter, Júlio Dantas
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit 2022-04-27 ⋅ Sentinel LABS ⋅ James Haughom, Jim Walter, Júlio Dantas
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit BRONZE STARLIGHT 2022-04-12 ⋅ ConnectWise ⋅ ConnectWise CRU
Threat Profile: LockBit
LockBit 2022-04-12 ⋅ Sophos ⋅ Andrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts,
Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit 2022-04-06 ⋅ SOCRadar ⋅ SOCRadar
Lockbit 3.0: Another Upgrade to World’s Most Active Ransomware
LockBit LockBit BITWISE SPIDER 2022-04-05 ⋅ Trend Micro ⋅ Abdelrhman Sharshar, Earle Maui Earnshaw, Ian Kenefick,
Lucas Silva, Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload (IoCs)
FAKEUPDATES Blister LockBit 2022-04-05 ⋅ Trend Micro ⋅ Abdelrhman Sharshar, Earle Maui Earnshaw, Ian Kenefick, Lucas
Silva, Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
FAKEUPDATES Blister LockBit 2022-04-05 ⋅ Trend Micro ⋅ Abdelrhman Sharshar, Earle Earnshaw, Ian Kenefick, Lucas Silva,
Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Blister LockBit 2022-04-01 ⋅ Bleeping Computer ⋅ Lawrence Abrams
The Week in Ransomware - April 1st 2022 - 'I can fight with a keyboard'
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 5 of 10

Hive Dharma LockBit STOP SunCrypt 2022-03-31 ⋅ Bleeping Computer ⋅ Bill Toulas
LockBit victim estimates cost of ransomware attack to be $42 million
LockBit LockBit 2022-03-31 ⋅ Trellix ⋅ Jambul Tologonov, John Fokker
Conti Leaks: Examining the Panama Papers of Ransomware
LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot 2022-03-23 ⋅ splunk ⋅ Shannon
Davis
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk 2022-03-19 ⋅ Chuongdong blog ⋅
Chuong Dong
LockBit Ransomware v2.0
LockBit 2022-03-17 ⋅ Sophos ⋅ Tilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry
Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker
Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker 2022-03-11 ⋅ Bleeping Computer ⋅
Ionut Ilascu
LockBit ransomware gang claims attack on Bridgestone Americas
LockBit 2022-03-11 ⋅ Microsoft ⋅ Microsoft Detection and Response Team (DART)
Part 1: LockBit 2.0 ransomware bugs and database recovery attempts
LockBit 2022-03-11 ⋅ Microsoft ⋅ Microsoft Detection and Response Team (DART)
Part 2: LockBit 2.0 ransomware bugs and database recovery attempts
LockBit 2022-02-27 ⋅ The Record ⋅ Catalin Cimpanu
Conti ransomware gang chats leaked by pro-Ukraine member
Conti LockBit 2022-02-23 ⋅ splunk ⋅ Shannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk 2022-02-14 ⋅ ⋅ DR.DK ⋅ Allan
Nisgaard, Ingeborg Munk Toft, Kenrik Moltke, Marcel Mirzaei-Fard
Var tæt på at slukke tusindvis af vindmøller: Nu fortæller Vestas om cyberangreb
LockBit 2022-02-14 ⋅ LIFARS ⋅ Vlad Pasca
A Detailed Analysis of The LockBit Ransomware
LockBit LockBit 2022-02-09 ⋅ Dragos ⋅ Anna Skelton
Dragos ICS/OT Ransomware Analysis: Q4 2021
LockBit Conti LockBit 2022-02-08 ⋅ Trend Micro ⋅ Trend Micro Research
Ransomware Spotlight: LockBit
LockBit BITWISE SPIDER 2022-02-08 ⋅ Intel 471 ⋅ Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos
SmokeLoader STOP Tofsee TrickBot Vidar 2022-02-07 ⋅ FBI ⋅ FBI
CU-000162-MW: Indicators of Compromise Associated with LockBit 2.0 Ransomware
LockBit LockBit 2022-01-27 ⋅ CoveWare
Ransomware as a Service Innovation Curve
Conti LockBit 2022-01-26 ⋅ Intrinsec ⋅ Intrinsec
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 6 of 10

ALPHV ransomware gang analysis
BlackCat LockBit 2022-01-24 ⋅ Trend Micro ⋅ Junestherry Dela Cruz
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit LockBit 2022-01-21 ⋅ CrowdStrike ⋅ Falcon OverWatch Team
Better Together: The Power of Managed Cybersecurity Services in the Face of Pressing Global Security
Challenges
LockBit LockBit BITWISE SPIDER 2021-12-16 ⋅ Cybereason ⋅ Aleksandar Milenkoski, Kotaro Ogino
Inside the LockBit Arsenal - The StealBit Exfiltration Tool
LockBit StealBit 2021-11-23 ⋅ Morphisec ⋅ Arnold Osipov, Hido Cohen
Babadeda Crypter targeting crypto, NFT, and DeFi communities
Babadeda BitRAT LockBit Remcos 2021-11-18 ⋅ Red Canary ⋅ The Red Canary Team
Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle 2021-11-18 ⋅ Cisco ⋅ Josh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX 2021-11-17 ⋅ CrowdStrike ⋅ Liviu Arsene, Sarang Sonawane, Thomas Moses
Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers
LockBit 2021-11-03 ⋅ Bleeping Computer ⋅ Lawrence Abrams
BlackMatter ransomware moves victims to LockBit after shutdown
BlackMatter BlackMatter LockBit 2021-10-27 ⋅ ⋅ MBSD ⋅ MBSD
ランサムウェア「LockBit2.0」の内部構造を紐
LockBit 2021-10-15 ⋅ skyblue.team blog ⋅ skyblue team
Recovering registry hives encrypted by LockBit 2.0
LockBit 2021-10-12 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil 2021-10-05 ⋅
Seguranca Informatica ⋅ Pedro Tavares
Malware analysis: Details on LockBit ransomware
LockBit 2021-09-24 ⋅ Yoroi ⋅ Luca Mella, Luigi Martire
Hunting the LockBit Gang's Exfiltration Infrastructures
LockBit StealBit 2021-09-09 ⋅ IBM ⋅ Megan Roddie
LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
LockBit 2021-08-26 ⋅ Advanced Intelligence ⋅ Anastasia Sentsova
From Russia With… LockBit Ransomware: Inside Look & Preventive Solutions
LockBit 2021-08-24 ⋅ Palo Alto Networks Unit 42 ⋅ Doel Santos, Ruchna Nigam
Ransomware Groups to Watch: Emerging Threats
HelloKitty AvosLocker HelloKitty Hive LockBit 2021-08-24 ⋅ KELA ⋅ KELA Cyber Intelligence Center
LockBit 2.0 Interview with Russian OSINT
LockBit 2021-08-17 ⋅ Amged Wagih
LockBit Ransomware - Technical Anlysis
LockBit 2021-08-17 ⋅ Medium amgedwageh ⋅ Amged Wageh
LockBit Ransomware Analysis Notes
LockBit 2021-08-16 ⋅ Trend Micro ⋅ Byron Gelera, Cris Tomboc, Jayson Chong, Jett Paulo Bernardo, Mark Marti, Nikki Madayag,
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 7 of 10

Sean Torre
LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
LockBit 2021-08-16 ⋅ cyble ⋅ Cyble
A Deep-dive Analysis of LOCKBIT 2.0
LockBit 2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike
Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex
MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker 2021-08-12 ⋅ Netskope ⋅ Gustavo Palazolo
Netskope Threat Coverage: LockBit
LockBit 2021-08-11 ⋅ Cybereason ⋅ Tony Bradley
The Rising Threat from LockBit Ransomware
LockBit 2021-08-06 ⋅ The Record ⋅ Catalin Cimpanu
Australian cybersecurity agency warns of spike in LockBit ransomware attacks
LockBit 2021-08-04 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
Energy group ERG reports minor disruptions after ransomware attack
LockBit 2021-08-04 ⋅ Bleeping Computer ⋅ Lawrence Abrams
LockBit ransomware recruiting insiders to breach corporate networks
LockBit 2021-08-03 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ransomware attack hits Italy's Lazio region, affects COVID-19 site
LockBit RansomEXX 2021-08-02 ⋅ The Record ⋅ Dmitry Smilyanets
An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and
REvil
DarkSide LockBit REvil 2021-07-27 ⋅ Bleeping Computer ⋅ Lawrence Abrams
LockBit ransomware now encrypts Windows domains using group policies
Egregor LockBit 2021-07-27 ⋅ Recorded Future ⋅ Insikt Group®
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
DarkSide LockBit REvil 2021-07-22 ⋅ S2W LAB Inc. ⋅ Denise Dasom Kim, Jungyeon Lim, Sujin Lim, Yeonghyeon Jeong
W4 July | EN | Story of the week: Ransomware on the Darkweb
LockBit SunCrypt 2021-06-18 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT
LockBit RaaS In-Depth Analysis
LockBit 2021-05-13 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Popular Russian hacking forum XSS bans all ransomware topics
DarkSide DarkSide LockBit REvil 2021-05-10 ⋅ DarkTracer ⋅ DarkTracer
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware
gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze
MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok
RansomEXX REvil Sekhmet SunCrypt ThunderX 2021-05-06 ⋅ Cyborg Security ⋅ Brandon Denker
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX
REvil Ryuk Snatch ThunderX 2021-04-28 ⋅ Bleeping Computer ⋅ Lawrence Abrams
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 8 of 10

UK rail network Merseyrail likely hit by Lockbit ransomware
LockBit 2021-04-26 ⋅ CoveWare ⋅ CoveWare
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt 2021-04-07 ⋅ ANALYST1 ⋅ Jon
DiMaggio
Ransom Mafia Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER 2021-04-07 ⋅ ANALYST1 ⋅
Jon DiMaggio
Ransom Mafia - Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER 2021-03-17 ⋅ The Record ⋅ Catalin Cimpanu
Missed opportunity: Bug in LockBit ransomware allowed free decryptions
LockBit 2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide
DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker
Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT
RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST
SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER
SOLAR SPIDER VIKING SPIDER 2021-01-26 ⋅ Medium s2wlab ⋅ Hyunmin Suh
W4 Jan | EN | Story of the week: Ransomware on the Darkweb
Avaddon Babuk LockBit 2021-01-04 ⋅ Cisco Talos ⋅ Azim Khodjibaev, Dmytro Korzhevin, Kendall McKay
Interview with a LockBit ransomware operator
LockBit 2020-12-05 ⋅ ZDNet ⋅ Catalin Cimpanu
Ransomware hits helicopter maker Kopter
LockBit 2020-11-18 ⋅ KELA ⋅ Victoria Kivilevich
Zooming into Darknet Threats Targeting Japanese Organizations
Conti DoppelPaymer Egregor LockBit Maze REvil Snake 2020-10-21 ⋅ SophosLabs Uncut ⋅ Sean Gallagher
LockBit uses automated attack tools to identify tasty targets
LockBit 2020-10-02 ⋅ Lexfo ⋅ Lexfo
Lockbit analysis
LockBit 2020-09-25 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
Double Trouble: Ransomware with Data Leak Extortion, Part 1
DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker
MIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER 2020-09-24 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
Double Trouble: Ransomware with Data Leak Extortion, Part 1
DoppelPaymer Gandcrab LockBit Maze MedusaLocker RagnarLocker SamSam OUTLAW SPIDER
OVERLORD SPIDER 2020-09-17 ⋅ CRYPSIS ⋅ Drew Schmitt
Ransomware’s New Trend: Exfiltration and Extortion
LockBit 2020-09-01 ⋅ Cisco Talos ⋅ Caitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends in Summer 2020
Cobalt Strike LockBit Mailto Maze Ryuk 2020-07-29 ⋅ ESET Research ⋅ welivesecurity
THREAT REPORT Q2 2020
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 9 of 10

DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB
Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin
Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor 2020-04-28 ⋅ Microsoft ⋅
Microsoft Threat Protection Intelligence Team
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
LockBit Mailto Maze MedusaLocker Paradise RagnarLocker REvil RobinHood 2020-04-24 ⋅ Github (albertzsigovits) ⋅
Albert Zsigovits
LockBit ransomware IoCs
LockBit 2020-04-24 ⋅ Sophos Labs ⋅ Albert Zsigovits
LockBit ransomware borrows tricks to keep up with REvil and Maze
LockBit
[TLP:WHITE] win_lockbit_auto (20251219 | Detects win.lockbit.)
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Page 10 of 10