Executive Summary
- As LockBit ransomware group has been updated twice without rebranding for a long time and continues to strengthen their brand reputation with their recently announced update to 3.0.
- As a result, the copycat groups that imitate LockBit ransomware’s logo or the chat site was discovered, and they are operating under the names of “SolidBit” and “CryptOn”, respectively.
- SolidBit is a variant of Yashma ransomware, and it is believed that the SolidBit ransomware group is currently working with the original developer of the Yashma ransomware.
- It has not been confirmed whether CryptOn is running a ransomware campaign yet, but the leak site they are operating is very similar to that of operated by the other groups.
- Neither group has confirmed any connection with LockBit ransomware, and it seems that they are trying to exploit the reputation of LockBit ransomware group.
👉You can read the full report in S2W Blog: