Cyber SecurityNews

Indicators of Compromise Associated with LockBit 2.0 Ransomware

The Federal Bureau of Investigation has released indicators of compromise (IOCs) associated with the LockBit 2.0 ransomware.

LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.

After compromising a victim network, LockBit 2.0 actors use publicly available tools such as Mimikatz to escalate privileges. The threat actors then use both publicly available and custom tools to exfiltrate data followed by encryption using the Lockbit malware. The actors always leave a ransom note in each affected directory within victim systems, which provides instructions on how to obtain the decryption software. The ransom note also threatens to leak exfiltrated victim data on the LockBit 2.0 leak site and demands a ransom to avoid these actions.

You can read the full document here –

IP Addresses

Luke Simmonds

Blogger at

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.