Two Copycats of LockBit Ransomware: SolidBit and CryptOn

Date 2022. 07. 04

Executive Summary

  • As LockBit ransomware group has been updated twice without rebranding for a long time and continues to strengthen their brand reputation with their recently announced update to 3.0.
  • As a result, the copycat groups that imitate LockBit ransomware’s logo or the chat site was discovered, and they are operating under the names of “SolidBit” and “CryptOn”, respectively.
  • SolidBit is a variant of Yashma ransomware, and it is believed that the SolidBit ransomware group is currently working with the original developer of the Yashma ransomware.
  • It has not been confirmed whether CryptOn is running a ransomware campaign yet, but the leak site they are operating is very similar to that of operated by the other groups.
  • Neither group has confirmed any connection with LockBit ransomware, and it seems that they are trying to exploit the reputation of LockBit ransomware group.