BlackBerry Threat Intelligence has identified a new Ransomware-as-a-Service (RaaS) family and tracked its lineage to its probable beta-stage release. Like so many other strains of ransomware, LokiLocker encrypts your files and will render your machine unusable if you don’t pay up in time. However, like its namesake god Loki, this threat seems to have a few subtle tricks up its sleeve – not least being a potential “false flag” tactic that points the finger at Iranian threat actors.
In Norse mythology, Loki was the consummate trickster who had the ability to shapeshift at will. One of the many hot-headed fire gods, Loki was an enemy to the other gods themselves, often entering their banquets uninvited and demanding their food and drink. LokiLocker is similarly insistent on acquiring that to which it has no legitimate claim.
LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows® PCs; the threat was first seen in the wild in mid-August 2021. It shouldn’t be confused with an older ransomware family called Locky, which was notorious in 2016, or LokiBot, which is an infostealer. It shares some similarities with the LockBit ransomware (registry values, ransom note filename), but it doesn’t seem to be its direct descendant.
Source: BlackBerry Threat Intelligence