LockBit 3.0 Ransomware Update
LockBit 3.0 Ransomware es el grupo de ciberdelincuentes que ofrece servicios de Ransomware-as-a-Service (RaaS) con más ataques de ransomware en la historia. Es uno de los más activos y peligrosos de la actualidad, teniendo alrededor de 4 ataques por día, y siendo de los más conocidos por los ingenieros de ciberseguridad. El ransomware de LockBit 3.0 pertenece a la familia LockBit, tiene dos versiones anteriores, sin embargo, la versión 3.0, que se publicó en marzo de 2022, introdujo nuevas características, como una mayor sofisticación en evasión y ataque, automatización, experiencia de usuario mejorada, y amenazas y tácticas adicionales, así como nuevas y mejoradas formas de doble extorsión, y nuevos métodos para presionar a las víctimas, ahorillándolos a pagar el rescate. Fue el grupo de Ransomware más desplegado en 2022, 2023, y todo apunta a que en 2024 siga ocupando el primer puesto. Según Ransom-DB, LockBit 3.0 ha registrado más de 2,400 víctimas. Según CISA (Cybersecurity & Infrastructure Security Agency), alrededor del 27% de los ataques de ransomware son realizados por el grupo LockBit.
LockBit ofrece servicios de Ransomware-as-a-Service (RaaS), un modelo de negocio utilizado para ofrecer a ciberdelincuentes todo el entorno que involucra al ransomware, para que ellos puedan realizar ataques por sí mismos. Lo que suele incluir el RaaS es:
- Software de Ransomware listo para usar.
- Plataforma de distribución.
- Instrucciones y soporte.
- Modelo de pago.
- Instrucciones y soporte.
- Actualizaciones y mantenimiento.
- Infraestructura de pago de rescate.
- Anonimato y seguridad.
Cuando LockBit logra cifrar todos los archivos y datos del sistema, deja una nota de rescate llamada .README.txt o Restore-My-Files.txt, cambia el fondo de pantalla y los iconos del host a la marca LockBit 3.0. En caso de ser necesario, también enviará información cifrada del host y del bot a un servidor de Command and Control (C2). Los métodos de cifrado que utiliza son AES, y se codifica en Base64.
![LockBit 3.0 ransom note (Readme.[random_string].txt)](https://www.pcrisk.com/images/stories/screenshots202211/lockbit-3-0-ransomware-update-2022-11-22-ransom-note.jpg)
LockBit utiliza una herramienta de exfiltración personalizada llamada Stealbit, una herramienta de gestión de almacenamiento en la nube de línea de comandos de código abierto llamada rclone, y servicios de intercambio de archivos conocidos públicamente, como MEGA, para filtrar archivos de datos confidenciales de la empresa antes del cifrado. LockBit también usa varias herramientas de código abierto durante sus intrusiones, para el reconocimiento de la red, el acceso remoto y la tunelización, el volcado de credenciales y la exfiltración de datos. Además, utiliza scripts de PowerShell y Batch, para detección del sistema, reconocimiento y búsqueda de contraseñas. Un resumen de las herramientas que utiliza LockBit es presentado en la siguiente tabla:
| Herramienta | Description |
| Chocolatey | Administrador de paquetes de línea de comandos para Windows. |
| FileZilla | Aplicación de protocolo de transferencia de archivos (FTP) multiplataforma. |
| Impacket | Colección de librerías de Python para trabajar con protocolos de red. |
| MEGA Ltd MegaSync | Herramienta de sincronización basada en la nube. |
| Microsoft Sysinternals ProcDump | Generar volcados de memoria. |
| Microsoft Sysinternals PsExec | Ejecutar un proceso de línea de comandos en un equipo remoto. |
| Mimikatz | Extraer las credenciales del sistema. |
| Ngrok | Se abusa de una herramienta legítima de acceso remoto para eludir las protecciones de la red de la víctima. |
| PuTTY Link (Plink) | Se puede utilizar para automatizar las acciones de Secure Shell (SSH) en Windows. |
| Rclone | Programa de línea de comandos para administrar archivos de almacenamiento en la nube |
| SoftPerfect Network Scanner | Realizar análisis de red. |
| Splashtop | Software de escritorio remoto. |
| WinSCP | Cliente de protocolo de transferencia de archivos SSH para Windows. |
LockBit suele atacar a empresas de alto perfil, buscando generar un impacto crítico a grandes organizaciones, para poder exigir un monto dinero alto, y tener una mayor probabilidad de que la víctima realice el pago de rescate. Se enfoca en atacar a empresas de múltiples sectores, como las de servicios financieros, comida y agricultura, educación, energía, de gobierno y servicios de emergencia, salud, transporte y de manufactura.
Taxonomía de ataque de MITRE ATT&CK
| Táctica | Técnica | ID |
| Initial Access | Valid Accounts | T1078 |
| Initial Access | Exploit External Remote Services | T1133 |
| Initial Access | Drive-by Compromise | T1189 |
| Initial Access | Exploit Public-Facing Application | T1190 |
| Initial Access | Phishing | T1566 |
| Execution | Execution | TA0002 |
| Execution | Software Deployment Tools | T1072 |
| Persistence | Valid Accounts | T1078 |
| Persistence | Boot or Logo Autostart Execution | T1547 |
| Privilege Escalation | Privilege Escalation | TA0004 |
| Privilege Escalation | Boot or Logo Autostart Execution | T1547 |
| Defense Evasion | Obfuscated Files or Information | T1027 |
| Defense Evasion | Indicator Removal: File Deletion | T1070.004 |
| Defense Evasion | Execution Guardrails: Environmental Keying | T1480.001 |
| Credential Access | OS Credential Dumping: LSASS Memory | T1003.001 |
| Discovery | Network Service Discovery | T1046 |
| Discovery | System Information Discovery | T1082 |
| Discovery | System Location Discovery: System Language Discovery | T1614.001 |
| Lateral Movement | Remote Services: Remote Desktop Protocol | T1021.001 |
| Command and Control | Application Layer Protocol: File Transfer Protocols | T1071.002 |
| Command and Control | Protocol Tunnel | T1572 |
| Exfiltration | Exfiltration | TA0010 |
| Exfiltration | Exfiltration Over Web Service | T1567 |
| Exfiltration | Exfiltration Over Web Service: Exfiltration to Cloud Storage | T1567.002 |
| Impact | Data Destruction | T1485 |
| Impact | Data Encrypted for Impact | T1486 |
| Impact | Service Stop | T1489 |
| Impact | Inhibit System Recovery | T1490 |
| Impact | Defacement: Internal Defacement | T1491.001 |
Recomendaciones
- Mantener todos los sistemas y software actualizados para evitar vulnerabilidades.
- Tener filtros de correo electrónico y spam.
- Auditar herramientas de acceso remoto.
- Revisar logs para de ejecución de software de acceso remoto.
- Limitar estrictamente el uso de RDP.
- Concientizar a los empleados sobre los métodos de Phishing e Ingeniería social.
- Realizar copias de seguridad o backups constantemente, manteniéndolos en una ubicación segura.
- Revisar continuamente los privilegios de los usuarios.
- Tener una solución EDR bien configurada.
- Implementar un plan de recuperación.
- Segmentar redes.
- Revise los controladores de dominio, los servidores, las estaciones de trabajo y los directorios activos en busca de cuentas nuevas o no reconocidas.
| Tipo | Indicador de compromiso |
| URL | http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion |
| URL | http://lockbit-decryptor.top |
| URL | http://lockbitks2tvnmwk.onion |
| URL | http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion |
| URL | http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion |
| URL | http://ww25.premiumize.com/?subid1=20230317-0430-503a-83b1-1bf8136db58b |
| URL | http://www.bit.ly/secure-net |
| URL | https://bigblog.at |
| IPv4 | 185.86.76.30 |
| IPv4 | 81.161.229.120 |
| IPv4 | 82.118.21.1 |
| IPv4 | 91.215.85.183 |
| hostname | 265.pineapplebuilder.com |
| hostname | info.openjdklab.xyz |
| hostname | www.premiumize.com |
| FileHash-SHA256 | 0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509 |
| FileHash-SHA256 | 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce |
| FileHash-SHA256 | a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e |
| FileHash-SHA256 | 35f971f9f84af8f4a42c97d6258c251e213f99741c1cfadfabbd5f1204e5658e |
| FileHash-SHA256 | 2308cef810b30ccb5be11fc664ce51b41bb6cee703f09d0a348771cf11f4dc9e |
| FileHash-SHA256 | 18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566 |
| FileHash-SHA256 | 307eb30c7d3640ca11f564b1dbbb7a133236c3c9b45192ddcb317477a9f54b59 |
| FileHash-SHA256 | 18229920a45130f00539405fecab500d8010ef93856e1c5bcabf5aa5532b3311 |
| FileHash-SHA256 | d833c23bad7b1988832524bce8a6355c97d031bb3852f671e52fdf9024bd6ec0 |
| FileHash-SHA256 | 107d9fce05ff8296d0417a5a830d180cd46aa120ced8360df3ebfd15cb550636 |
| FileHash-SHA256 | 2f18e61e3d9189f6ff5cc95252396bebaefe0d76596cc51cf0ade6a5156c6f66 |
| FileHash-SHA256 | 4f61f20fa1edfd0ce1de2ca8110c725c9d9c16a9680748c12042a3302054fc72 |
| FileHash-SHA256 | 76a77def28acf51b2b7cdcbfaa182fe5726dd3f9e891682a4efc3226640b9c78 |
| FileHash-SHA256 | 47060339e9d434f361ea750916a3980bd308995c4980c91e069d0b7a664a91af |
| FileHash-SHA256 | c8205792fbc0a5efc6b8f0f2257514990bfaa987768c4839d413dd10721e8871 |
| FileHash-SHA256 | 271fcf35f2da45bd6ea567f86cd1ec5179905f2bdd70c392aad76433890a525b |
| FileHash-SHA256 | c597c75c6b6b283e3b5c8caeee095d60902e7396536444b59513677a94667ff8 |
| FileHash-SHA256 | 4729c83292e034642fd1081ddd4d0329bc9f57b9be989b647a025ffacdd55036 |
| FileHash-SHA256 | 13feaa32e4b03ede8799e5bee6f8d54c3af715a6488ad32f6287d8f504c7078b |
| FileHash-SHA256 | c50183eed715ec2392249e334940acf66315797a740a8fe782934352fed144c6 |
| FileHash-SHA256 | 7391bbd59330e79f8ee4a01e5ed20df5ab183737f2b91f926b649facd8d2d278 |
| FileHash-SHA256 | 0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76 |
| FileHash-SHA256 | 286bffaa9c81abfb938fe65be198770c38115cdec95865a241f913769e9bfd3f |
| FileHash-SHA256 | 98e4c248377b5b62121c7b9ef20fc03df3473cbd886a059998f4210e8df07f15 |
| FileHash-SHA256 | c3ec60b8052e31db149c35080afea5b57b1e8a034386555d12035eb5edefdd68 |
| FileHash-SHA256 | e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173 |
| FileHash-SHA256 | 5072678821b490853eff0a97191f262c4e8404984dd8d5be1151fef437ca26db |
| FileHash-SHA256 | ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75 |
| FileHash-SHA256 | bdfac069017d9126b1ad661febfab7eb1b8e70af1186a93cb4aff93911183f24 |
| FileHash-SHA256 | ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d |
| FileHash-SHA256 | 03b8472df4beb797f7674c5bc30c5ab74e8e889729d644eb3e6841b0f488ea95 |
| FileHash-SHA256 | afa34857ee7f04b10339ac05aaea308c4c8069f1364fb1baba2eb758eee3fa89 |
| FileHash-SHA256 | b09a92dedbcb8d5faed6fcc2194ebaa24da601376b47e1edf705519a7860964e |
| FileHash-SHA256 | b21599f39223409e059cd2066a80832f305854e7d12b5ed3401d47a32ac962eb |
| FileHash-SHA256 | b2c372a45e2087683d510a8c9b84226243541f856b7c4dc14f42a20d1d76e4b6 |
| FileHash-SHA256 | b38943f777ec2cb42abe5ef35b5d2933ce65e3aa3915d7d62bc1cd75c7586886 |
| FileHash-SHA256 | b875051a6d584b37810ea48923af45e20d1367adfa94266bfe47a1a35d76b03a |
| FileHash-SHA256 | b951e30e29d530b4ce998c505f1cb0b8adc96f4ba554c2b325c0bd90914ac944 |
| FileHash-SHA256 | ba110536613c50460ff5be6413d2f58bbe80ba3fee809ff6a27a2c7d13a47e91 |
| FileHash-SHA256 | bc117caad6093d463777f8c897330e46b1217619dd2cc25ce9971266bf84708c |
| FileHash-SHA256 | bd0af9faa881b92dfd20776b5d862e0836b493e929d289d48c6e8a2da80d8a63 |
| FileHash-SHA256 | bd14872dd9fdead89fc074fdc5832caea4ceac02983ec41f814278130b3f943e |
| FileHash-SHA256 | bea7aed0dfbf7ce7491d7c8cfed35a2e626fbd345bb7425a34dae6f5894629b1 |
| FileHash-SHA256 | c1b9cdb3bf0861432ef8520ee44d5273605eeb8a1ee492427ab2a21039b5102a |
| FileHash-SHA256 | c20d8ce3809123923b8897c97f251a766b5b56b61bd89134cb986ff10c2a309e |
| FileHash-SHA256 | c2529655c36f1274b6aaa72911c0f4db7f46ef3a71f4b676c4500e180595cac6 |
| FileHash-SHA256 | c6861032317562532c21e373b88efacdc1307c8a3efce8c8992584171157ebed |
| FileHash-SHA256 | ca6abfa37f92f45e1a69161f5686f719aaa95d82ad953d6201b0531fb07f0937 |
| FileHash-SHA256 | cb29c6fbd085407e0e8a58e7cd6512c8c5dfa06f88fdeeb9a66d025fdfc6dd32 |
| FileHash-SHA256 | cc3d006c2b963b6b34a90886f758b7b1c3575f263977a72f7c0d1922b7feab92 |
| FileHash-SHA256 | ced3de74196b2fac18e010d2e575335e2af320110d3fdaff09a33165edb43ca2 |
| FileHash-SHA256 | d259be8dc016d8a2d9b89dbd7106e22a1df2164d84f80986baba5e9a51ed4a65 |
| FileHash-SHA256 | d440e4494adcfd94004e9ead2adcaaaf22696c71fc51246b881d628567ce1111 |
| FileHash-SHA256 | d47e2b72f71a35a201156f6611a934b391d52629a378587fb67bbb351dd50269 |
| FileHash-SHA256 | d52f0647e519edcea013530a23e9e5bf871cf3bd8acb30e5c870ccc8c7b89a09 |
| FileHash-SHA256 | d59df9c859ccd76c321d03702f0914debbadc036e168e677c57b9dcc16e980cb |
| FileHash-SHA256 | d65225dc56d8ff0ea2205829c21b5803fcb03dc57a7e9da5062cbd74e1a6b7d6 |
| FileHash-SHA256 | d69eb6ed2fc99a7f67593deebd90818b5dce3df51e0b58e916571472a523dd5b |
| FileHash-SHA256 | d79f5fe23a82b67205037c268f2fed92d727bf4215b20fa21c8a765e20661362 |
| FileHash-SHA256 | de052ce06fea7ae3d711654bc182d765a3f440d2630e700e642811c89491df72 |
| FileHash-SHA256 | e05ad49bce21fa7a5c6f45327e195d04076e69fd03900b4e43cd921f4e33df2d |
| FileHash-SHA256 | e25f83836e90fe17ed5d57516219373f0c4dcf0210638501223b63091d1fc6c3 |
| FileHash-SHA256 | e5d65e826b5379ca47a371505678bca6071f2538f98b5fef9e33b45da9c06206 |
| FileHash-SHA256 | e9b33a2f96b60f710e14d29cb38371b587094cfc4378276eebb9701d74cd3f71 |
| FileHash-SHA256 | ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37 |
| FileHash-SHA256 | ebb0eef588b985db1706cdc340f9da416163481928b2429df864cae800e1a9ad |
| FileHash-SHA256 | eda0328bfd45d85f4db5dbb4340f38692175a063b7321b49b2c8ebae3ab2868c |
| FileHash-SHA256 | f03584ecdee29e63dee1b7bf2347f605d1e1d6379a8f55e9a85c6a329bf3967b |
| FileHash-SHA256 | f4ab473dcb45beb8cb01ad616422c05a45134c6b028f310f06543e2c33584cef |
| FileHash-SHA256 | fbb8f0231c666f7b1bfb9256b60b73bc3f44779eb2865b040ca01a3d0a4e1140 |
| FileHash-SHA256 | fd16dc8f75dfd183e49d82f5bceae13b928dce96a2c60f361fbb35d9072ee644 |
| FileHash-SHA1 | f00a8750a82a4e84417a2c420a6365ecf6be98e4 |
| FileHash-SHA1 | f2a72bee623659d3ba16b365024020868246d901 |
| FileHash-SHA1 | 0a2b31fea0653c18357910d4196d892f59480056 |
| FileHash-SHA1 | 31683118030de074b85e34cbbf7fb6395a26697f |
| FileHash-SHA1 | 52332ce16ee0c393b8eea6e71863ad41e3caeafd |
| FileHash-SHA1 | f88a948b0fd137d4b14cf5aec0c08066cb07e08d |
| FileHash-SHA1 | c1bd4bc1e9408b95f5e63323a463a5dc84f76fba |
| FileHash-SHA1 | f05e71ed0e4a779fc30c3d732b07e15d56f8e3bc |
| FileHash-SHA1 | 4e4d24f5d231434b9b0219fd7c5142c0c2ca1f08 |
| FileHash-SHA1 | fa494a94864c20c875212a473d02b23640ffd468 |
| FileHash-SHA1 | bf02ef3db484122b551da73ce83c2aac79bbd2fc |
| FileHash-SHA1 | 203bff21acfbe004c25b63cb56320282e19d1bce |
| FileHash-SHA1 | 6cddeac906b3b691c611178b577a9379cfeaa401 |
| FileHash-SHA1 | 835030d4709ef6a2a408d0a6d0fe59c0db228000 |
| FileHash-SHA1 | 462e39e554bd3abb9ecdcec92d861b315f1efb77 |
| FileHash-SHA1 | 25c00c6e9303537b59ff8db85f561ce70ae6ee67 |
| FileHash-SHA1 | db0a70ae01257702bc438e983e73b549b08cb3d4 |
| FileHash-SHA1 | 360d7d14d65354a669cd56d6240a18b900a25425 |
| FileHash-SHA1 | a72e18efa33f1e3438dbb4451c335d487cbd4082 |
| FileHash-SHA1 | 5503f0eac6b16671ff1e2a6f0952b01e4147a2a3 |
| FileHash-SHA1 | f6e8feb1eb645e122de8bded0360ee9ecdafc823 |
| FileHash-SHA1 | 02ea524429ba2aefac63fed27e924ab3659f8c00 |
| FileHash-SHA1 | 0815277e12d206c5bbb18fd1ade99bf225ede5db |
| FileHash-SHA1 | 091b490500b5f827cc8cde41c9a7f68174d11302 |
| FileHash-SHA1 | 10039d5e5ee5710a067c58e76cd8200451e54b55 |
| FileHash-SHA1 | 106e514b730bb30dca917d850ebc070afa4139de |
| FileHash-SHA1 | 199d193f31fd7d117070a66e89c4839dddd513b2 |
| FileHash-SHA1 | 1cc94ee0279751fbfd6e598e9a084ce6ee957894 |
| FileHash-SHA1 | 1e67a38122edce5e1927afefe49da03a08465f19 |
| FileHash-SHA1 | 1ef54b3a0587fa0842600aee5ae00815191a1641 |
| FileHash-SHA1 | 28e07921707babcaee2a40f7bbbcd3d31aee9284 |
| FileHash-SHA1 | 32de69b2e7a7850cc805c91bb66ab8510babcdaf |
| FileHash-SHA1 | 3c7b7f750cf706abc5b7a289a9f714c754f990c1 |
| FileHash-SHA1 | 3f55428bcd35e4d58dd2458b8cae6029b158b460 |
| FileHash-SHA1 | 419a7631f06ed78a711f18323f5dee882daaa409 |
| FileHash-SHA1 | 4a60125f0964f4992471c37d606fb0fdb4d98eb6 |
| FileHash-SHA1 | 54d8fcda2b9fe4d89668759011f83cbcfcdb18eb |
| FileHash-SHA1 | 5835841e25648901b8e9b15447873db4ffb9192c |
| FileHash-SHA1 | 635e321bcab27f22e0303da26198ac90381608a4 |
| FileHash-SHA1 | 63632224f977aaaa1c7d88be65cf16878b4bef56 |
| FileHash-SHA1 | 68303078cfa1219c7cfad888a42dc4e59c0f9b80 |
| FileHash-SHA1 | 6b5cddfa7fe212acd44adfe08a1c5f4492008b33 |
| FileHash-SHA1 | 729eb505c36c08860c4408db7be85d707bdcbf1b |
| FileHash-SHA1 | 7bc615e2bd5e620d215c24a9804ead4a11589e59 |
| FileHash-SHA1 | 82bd4273fa76f20d51ca514e1070a3369a89313b |
| FileHash-SHA1 | 9141cfdb7edb3330e405694a581caaedbc7d99d6 |
| FileHash-SHA1 | 939ff7e5eeaccb0c2f4ee080a8e403e532b6317a |
| FileHash-SHA1 | 97b148c27f3da29ba7b18d6aee8a0db9102f47c9 |
| FileHash-SHA1 | 9c1142122370c9b28b13aa147c6e126b3be50845 |
| FileHash-SHA1 | a415fd0c932145988017569fc4d99e2e207c5892 |
| FileHash-MD5 | 02cc6abccbf975c8da1fbb4d1c4c2f54 |
| FileHash-MD5 | 48562ef15cc5e8c69c26312bae7bf3d6 |
| FileHash-MD5 | 749892c32f0e77ea84a690562234e2c5 |
| FileHash-MD5 | 84866fca8a5ceb187bca8e257e4f875a |
| FileHash-MD5 | 8ab0375228416b89becff72a0ae40654 |
| FileHash-MD5 | 543084e10b97df2574b45060b006e8f5 |
| FileHash-MD5 | 719a93419dd5123b52961a076d283f21 |
| FileHash-MD5 | 9a246bf39f3fab9c2d45f1003bdc6b45 |
| FileHash-MD5 | 9b905a490a98cd8edf2e4b09ac8676ab |
| FileHash-MD5 | c15c6adc8c923ad87981f289025c37b2 |
| FileHash-MD5 | 6dc27523eb048bb7197bfdf39d6d15dd |
| FileHash-MD5 | c02b805c725eb68f7bddd95aeaab41b1 |
| FileHash-MD5 | 4d7bc02fe04b87e4369f97b3918fff9b |
| FileHash-MD5 | 60bf4ae8cc40b0e3e28613657ed2eed8 |
| FileHash-MD5 | 9671babf2f07330a1a519764ef26d144 |
| FileHash-MD5 | 0859a78bb06a77e7c6758276eafbefd9 |
| FileHash-MD5 | 207718c939673a5f674ce51f402cfc06 |
| FileHash-MD5 | 744b0a65d7c7c43419e98bcd877be0fc |
| FileHash-MD5 | ec273b5841eadfc43b1908c9905e95a3 |
| FileHash-MD5 | f91095ae0e0632b0f630e0c4eb12ba10 |
| FileHash-MD5 | c9a478c4a5b1b945cd49c1ee077a4956 |
| FileHash-MD5 | 294e9f64cb1642dd89229fff0592856b |
| FileHash-MD5 | 6fc418ce9b5306b4fd97f815cc9830e5 |
| FileHash-MD5 | b7f1120bcff47ab77e74e387805feabe |
| FileHash-MD5 | 2831b37cf521848142e8a5d69515b065 |
| FileHash-MD5 | 5cf8fc798a1e52e849db69d5ba3b9700 |
| FileHash-MD5 | ea9bb72f08dd7260d553490392739596 |
| FileHash-MD5 | f56b9eb59cd0ecca55f1041b0c36e0c0 |
| FileHash-MD5 | 628e4a77536859ffc2853005924db2ef |
| FileHash-MD5 | 03b14473eef5b7e38d9a5041c1af0a76 |
| FileHash-MD5 | d5854b99391a49d6dd0f35b9adcc0fae |
| FileHash-MD5 | 9e118e7d14dab6b791dd5758f4af0e45 |
| FileHash-MD5 | c20482c114ed838c1c613b6da912178f |
| FileHash-MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| FileHash-MD5 | cfdf045bf9852af8593628ad1fc5ca94 |
| FileHash-MD5 | d0e4318c00a5f0e7dd922489b0de64af |
| FileHash-MD5 | e1a3b9ae380865201aef8ff892bcbf73 |
| FileHash-MD5 | ea4ee28880136cbc44dff4ad5a53561f |
| FileHash-MD5 | ed935c13170a4af0649cfada8d076c9c |
| FileHash-MD5 | efc213fccc8fe9204ce1af92febfdbbb |
| FileHash-MD5 | f04e57b5e17b53ffbf12a817da5c9dca |
| FileHash-MD5 | f68f6ae996370de813845da89f0111ab |
| FileHash-MD5 | f82762214b095a7508be150c6de5579c |
| FileHash-MD5 | f9073cc6566ba11318b425a761f1ce17 |
| [email protected] | |
| domain | abe-brands.de |
| domain | abro.se |
| domain | k-toko.com |
| domain | kyocera-avx.com |
| domain | license.md |
| domain | lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion |
| domain | lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion |
| domain | lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion |
| domain | lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion |
| domain | lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion |
| domain | lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion |
| domain | lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion |
| domain | lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion |
| domain | lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion |
| domain | lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion |
| domain | lockbit-decryptor.top |
| domain | lockbitks2tvnmwk.onion |
| domain | lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion |
| domain | lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion |
| domain | lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion |
| domain | lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion |
| domain | lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion |
| domain | lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion |
| domain | lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion |
| domain | lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion |
| domain | lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion |
| domain | lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion |
| domain | lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion |
| domain | lqtbg.com.cn |
| domain | lssny.org |
| domain | lubrimetal.com |
| domain | luxeprint.com.tw |
| domain | mandirisekuritas.co.id |
| domain | marshallconstruction.co.uk |
| domain | marugokiso.co.jp |
| domain | mbwswim.com |
| domain | meatel.com |
| domain | medellin.gov.co |
| domain | medmark.eg |
| domain | meinet.com |
| domain | melorita.com |
| domain | merlinpcbgroup.com |
| domain | metronottevigilanza.it |
| domain | midipapierspeints.fr |
| domain | mtrx.com |
| domain | multicareinc.com |
Referencias
- Cavazos, A. (Junio 2, 2023). UN NUEVO ENFOQUE PARA LOCKBIT. Alestra CERT. Recuperado el 25 de enero de 2024 en: https://alestracert.com.mx/blog/post/29
- Puente, B. (Junio 2, 2023). LOCKBIT GANG 3.0. Alestra CERT. Recuperado el 25 de enero de 2024 en: https://alestracert.com.mx/blog/post/112
- #StopRansomware: LockBit 3.0 | CISA. (2023, 16 marzo). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a
- Understanding ransomware threat actors: LockBit | CISA. (2023, 14 junio). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
- Meskauskas, T. (2024, 3 enero). LockBit 3.0 ransomware. Decryption, removal, and lost files recovery (updated). https://www.pcrisk.com/removal-guides/24242-lockbit-3-0-ransomware
- Kovacs, E. (2024, 23 enero). Subway Sandwich Chain investigating ransomware Group’s claims. SecurityWeek. https://www.securityweek.com/sandwich-chain-subway-investigating-ransomware-groups-claims/
- Hope, A. (2024, 24 enero). LockBit ransomware attacks Foxconn subsidiary FoxSemicon and stole terabytes of data. CPO Magazine. https://www.cpomagazine.com/cyber-security/lockbit-ransomware-attacks-foxconn-subsidiary-foxsemicon-and-stole-terabytes-of-data/
- Ozarslan, S., PhD. (2023, 24 marzo). LockBit ransomware gang. Picus Security. https://www.picussecurity.com/resource/lock-bit-ransomware-gang
- https://www.ransom-db.com/ransomware-groups
