Industry: N/A | Level: Tactical | Source: BlackBerry
LokiLocker is a new ransomware operation that has been slowly making itself known. BlackBerry's Research and Intelligence Team said it was first seen in the wild in mid-August 2021. LokiLocker is a ransomware-as-a-service (RaaS) offering that shares some similarities with LockBit but doesn't seem to be a direct descendant. BlackBerry researchers estimate that LokiLocker currently has around 30 affiliates. LokiLocker also has optional wiper functionality: if the victim doesn't pay within the timeframe specified by the attacker, all non-system files are deleted and the MBR is overwritten, wiping all the victim's files and rendering the system unusable.
Anvilogic Use Cases:
- Windows Firewall Disabled
- Windows Defender Disabled Detection
- Create/Modify Schtasks
- New AutoRun Registry Key
- Service Stop Commands
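
The five use cases above can be correlated per host, since several of them firing together is a stronger signal than any one alone. The sketch below is an added example, not BlackBerry's or Anvilogic's detection content: the regex patterns, the threshold of three, and the sample events are constructed assumptions based on common Windows utilities, not LokiLocker indicators.

```python
import re
from collections import defaultdict

# Assumed patterns per use-case category (illustrative, not Anvilogic rule logic).
USE_CASES = {
    "Windows Firewall Disabled": [
        r"netsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off",
        r"netsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode=)?disable",
    ],
    "Windows Defender Disabled Detection": [
        r"set-mppreference\s+.*-disablerealtimemonitoring\s+(\$true|1)",
        r"reg(\.exe)?\s+add\s+.*windows defender.*disableantispyware",
    ],
    "Create/Modify Schtasks": [r"schtasks(\.exe)?\s+.*/(create|change)\b"],
    "New AutoRun Registry Key": [
        r"reg(\.exe)?\s+add\s+.*\\currentversion\\run(once)?\b",
    ],
    "Service Stop Commands": [
        r"\bnet1?(\.exe)?\s+stop\s+\S+",
        r"\bsc(\.exe)?\s+(stop|config\s+\S+\s+start=\s*disabled)",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in USE_CASES.items()}

SAMPLE_EVENTS = [  # constructed process-creation records: (host, command line)
    ("ws-01", "netsh advfirewall set allprofiles state off"),
    ("ws-01", 'powershell -c "Set-MpPreference -DisableRealtimeMonitoring $true"'),
    ("ws-01", r'schtasks /create /tn "Example" /tr C:\example\app.exe /sc onlogon'),
    ("ws-01", "net stop VSS /y"),
    ("ws-02", "schtasks /query /fo LIST"),            # read-only, should not match
    ("ws-02", "netsh advfirewall show allprofiles"),  # read-only, should not match
    ("ws-03", r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Example /d C:\example\app.exe"),
]

def classify(cmdline):
    """Return the sorted use-case names whose patterns match one command line."""
    return sorted(name for name, pats in COMPILED.items()
                  if any(p.search(cmdline) for p in pats))

def correlate(events, threshold=3):
    """Collect use cases per host; flag hosts with >= threshold distinct ones."""
    per_host = defaultdict(set)
    for host, cmdline in events:
        per_host[host].update(classify(cmdline))
    flagged = sorted(h for h, cats in per_host.items() if len(cats) >= threshold)
    return dict(per_host), flagged

if __name__ == "__main__":
    hits, flagged = correlate(SAMPLE_EVENTS)
    print({h: sorted(c) for h, c in hits.items()}, "flagged:", flagged)
```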