Source: BlackBerry

LokiLocker is a new ransomware operation that has been slowly making itself known. BlackBerry’s Research and Intelligence Team said it was first seen in the wild in mid-August 2021. LokiLocker is a ransomware-as-a-service (RaaS) and shares some similarities with LockBit, but doesn’t seem to be a direct descendant. BlackBerry researchers estimate that LokiLocker currently has around 30 affiliates. LokiLocker also boasts an optional wiper functionality – if the victim doesn’t pay up in the timeframe specified by the attacker, all non-system files will be deleted and the MBR overwritten, wiping all the victim’s files and rendering the system unusable.

Anvilogic Use Cases:

  • Windows Firewall Disabled
  • Windows Defender Disabled Detection
  • Create/Modify Schtasks
  • New AutoRun Registry Key
  • Service Stop Commands

