LockBit Ransomware is an emerging threat and growing stronger day by day. It is following the footsteps of
REvil and
Maze Ransomware by threatening to publicize the user data if the ransom demand is not fulfilled. LockBit does not target user in Russia and
CIS (Commonwealth of Independent States) countries.
Update: Download Lockbit 2.0 Linux ESXi Variant
LockBit leverages a very similar service-list to
MedusaLocker Ransomware. It comes as no surprise that crooks copy these lists, so they don’t have to reinvent the wheel. The unique Registry run key and ransom note filename that was written by LockBit
XO1XADpO01 and Restore-My-Files.txt were also seen being used by Phobos, and by a Phobos imposter ransomware. This would suggest that there is a connection between these families.
LockBit Ransomware Sample 1 Signatures
Family: Ransom:Win32/LockBit.PA!MTB
MD5: 5761ee98b1c2fea31b5408516a8929ea
SHA256: 0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76
LockBit Ransomware Sample 1 Download
LockBit Ransomware Sample 2 Signatures
Family: Ransom:Win32/LokiBot!MSR
MD5: 889328e2cf5f5d74531b9b0a25c1871c
SHA256: 0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f
LockBit Ransomware Sample 2 Download
