Details about the tactics, techniques, and procedures (TTPs) used by a ransomware affiliate group known as Lockean have been released by the French Computer Emergency Response Team (CERT). According to the French CERT, the group is responsible for at least eight attacks in the past year and a half that have targeted French companies, stealing data and deploying malware from ransomware-as-a-service (RaaS) operations. The group was seen deploying various ransomware families, including Maze, Egregor, ProLock, and REvil. According to researchers, the group gained initial access in most attacks using the Qbot/QakBot banking trojan. Qbot was spread through emails from the Emotet botnet, which has since been taken down, along with other malware distribution platforms.