LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51)

LockBit operators tend to be very indiscriminate and opportunistic in their targeting. Actors behind this attack will use a variety of methods to gain initial access, up to and including basic methods such as brute force. After gaining initial access, the actor follows a fairly typical escalation, lateral movement and ransomware execution playbook. LockBit operators tend to have a very brief dwell time, executing the final ransomware payload as quickly as they are able to. LockBit ransomware has built-in lateral movement features, which work given adequate permissions throughout the targeted environment.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Lockbit3 (c09f73fd-c3c3-42b1-b355-b03ca4941110) | Ransomware | LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) | Ransomware | 1 |