Lock -(B)- it : A Tale of Ransomware
EXECUTIVE SUMMARY
* LockBit is one of the world's most active ransomware group connected to various high-profile attacks. This Blog consists of below Intel related to LockBit Group
• LockBit & Underground Forums
• Affiliates & Partners
• LockBit Blog - Leaked Data's
• LockBit's Builder
LOCKBIT & UNDERGROUND FORUMS
* LockBit's presence in reputed Russian Underground Forums allows it to Hire affiliates for their ransomware & other malware developers as per need.
Some of the most interesting profiles are posted below.
Profiles
(LockBit's Profile on one of the top russian underground forums) |
(LockBit's Profile on other Russian board) |
(LockBit's post's on Same Underground Forum) |
|
AFFILIATES & PARTNERS
* As a RaaS Model , LockBit requires affiliates to get initial access in an Organization . Mostly likely the deal will be in % on a successful attack, where affiliate receives greater percent when compared to lockbit.
LockBit and their other competitors such as Hive , Revil , AvosLocker etc utilizes the same RaaS Model.
P.o.V : When things gone wrong , Affiliate panel might endup getting leaked ;)
Affiliate Panel Leaks
(StealBit Builder) |
(LockBit Builder - Black) |
(Lockbit Linux / ESXI version Builder) |
LOCKBIT's BLOG - LEAKED DATA's
Interface of LockBit Leak Site
Security Firm Darktrace Leaks on LockBit
Onion Mirror
* LockBit has 9 tor Mirror sites & 24 server mirror sites & 9 chat reserve mirror with ANTI DDOS protection.
Bug Bounty
* LockBit Mostly like offer's Bug Bounty for the VULN's found on Ransomware , Tor webpage , Doxing , The payout will be cypto (BTC , XMR , ZCASH)
LOCKBIT's BUILDERLeak
* Recent leaks of LockBit Builder by unknown on twitter URL : https://github.com/3xp0rt/LockBit-Black-Builder