2023Lock is the third (technically fourth) in a line of ransomware beginning with Zeoticus in December 2019. Following Zeoticus was Zeoticus 2.0 and then Venus, which is remarkably different from Zeoticus. Hence the mention of "technically fourth." It uses the same encryption mechanisms as Zeoticus and Zeoticus 2.0 - XChaCha combined with curve25519xsalsa20poly1305. After encryption, 2023Lock appends the ".2023lock" file extension on files and drops two ransom notes: README.html and README.txt. It also drops an HTA file to provide decryption instructions. 2023Lock is very similar to TrinityLock, which proceeded 2023Lock. So much so that these two are often just called TrinityLock. However, we see 2023Lock as more of a TrinityLock beta. As such, we have created this entry here.
Ransomware - 2023Lock
2023Lock
Decryptor Available
No
Description
Ransomware Type
Crypto-Ransomware
First Seen
Last Seen
Lineage
Extortion Links
Medium
Link
TOR
http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion
Encryption
Type
Hybrid
Files
XChaCha20
Additional Encryption
curve25519xsalsa20poly1305
File Extension
<file name>.<file extension>.2023lock
Ransom Note Name
<20 random numbers>.hta
README.html
README.txt
Ransom Note Image
Samples (SHA-256)
a144e13c33e96b8fb6ed3b3849a613645554a14b000c316241f3bcdde74a83d1
References & Publications
Broadcom: 2023Lock Ransomware
PCrisk: 2023Lock Ransomware