Warlock
(Active)
Description
The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is also known to have deployed LockBit ransomware. There's also a crossover between victims with Black Basta. Both are RaaS and have a long list of known and unknown affiliates. Having said that, this is possibly an affiliate (likely a cybergroup) of both of those groups. The Alliance & Association would technically be Encryptor Sharing, but this is realistically more of an "Old Affiliate" that created their own ransomware encryptor and operation.
Research shows the group leveraged the ToolShell exploit chain.
This entry is under construction. However, we have included some details below.
Ransomware Type
Crypto-Ransomware
Data Broker
Country of Origin
China
First Seen
Threat Actors
Type
Actor
Cybergroup
Storm-2603
Alliances & Associations
Type
Alliance/Association
Encryptor Sharing
Black Basta
Encryptor Sharing
LockBit
Extortion Links
Medio
Enlace
DLS File Server
http://ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion
TOR
http://elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion
TOR
http://zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion
Extortion Types
Data Auctions
Direct Extortion
Double Extortion
Free Data Leaks
Communication
Medio
Identificador
Tox
3DCE1C43491FC92EA7010322040B254FDD2731001C2DDC2B9E819F0C946BDC3CD251FA3B694A
Tox
84490152E99B9EC4BCFE16080AFCFD6FDCD87512027E85DB318F7B3440982637FC2847F71685
Tox
F79A71AD8BB2E3E7EDFC38970FDC05E922E429B5DFC325C7D0E91F216DE8F3537C1A1C97F197
File Extension
<file name>.<file extension>.x2anylock
Ransom Note Name
How to decrypt my data.txt
Samples (SHA-256)
da8de7257c6897d2220cdf9d4755b15aeb38715807e3665716d2ee761c266fdb
Known Victims(28)
| Industry Sector | País | Extortion Date | Amount (USD) |
|---|---|---|---|
| Conglomerate | Mauritius | ||
| Electronics | Germany | ||
| Chemical | Portugal | ||
| Professional Services | Vietnam | ||
| Manufacturing | Germany | ||
| Banking & Finance | India | ||
| Conglomerate | United States | ||
| Government | Portugal | ||
| Government | Croatia | ||
| Banking & Finance | China | ||
| Food & Beverage | Canada | ||
| Engineering Services | United States | ||
| Unknown | Unknown | ||
| Aerospace & Aviation | Poland | ||
| Education | United States | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Architectural Services | United States | ||
| Construction & Home Improvement | United States | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown | ||
| Unknown | Unknown |
References & Publications