Ransomware.live: warlock

Contact us Buy Me a Coffee

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is also known to have deployed LockBit ransomware. There's also a crossover between victims with Black Basta. Both are RaaS and have a long list of known and unknown affiliates. Having said that, this is possibly an affiliate (likely a cybergroup) of both of those groups. The Alliance & Association would technically be Encryptor Sharing, but this is realistically more of an "Old Affiliate" that created their own ransomware encryptor and operation.

Extension(s): .x2anylock

Victims

78

First Discovered

2025-06-11

victim

Last Discovered

2025-11-06

victim

Inactive Since

194

days

Avg Delay

27.1

days

Infostealer

27.7%

victims with domain

Countries

34

hit

View Victims on World Map View Group Statistics

Attack Velocity — Last 12 months

Known Locations (4)

Favicon	Title	Type	Available	Last Visit	Server Info	FQDN
	Warlock Client Leaked Data Show		No	2026-04-28T07:22:15		`elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion`
	WarLock Client Data Leak Show		No	2026-04-28T07:24:49		`zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion`
			No	2026-04-28T07:27:23		`ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion`
	WarLock Client Data Leak Show		Yes	2026-05-19T13:08:46		`warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion`

Target

Heatmap

Ransom Notes (2)

Tools Used

This information is provided by Ransomware-Tool-Matrix
Discovery	RMM Tools	Defense Evasion	Credential Theft	OffSec	Networking	LOLBAS	Exfiltration
Everything.exe SecurityCheck placeholder placeholder placeholder placeholder placeholder placeholder	Radmin TightVNC placeholder placeholder placeholder placeholder placeholder placeholder	Antiy System In-Depth Analysis Toolkit driver (BYOVD) NsecSoft driver (BYOVD) Rising Antivirus driver (BYOVD) VMTools AV Killer (BYOVD) placeholder placeholder placeholder placeholder	Mimikatz Veeam-Get-Creds placeholder placeholder placeholder placeholder placeholder placeholder	Cobalt Strike Velociraptor placeholder placeholder placeholder placeholder placeholder placeholder	Azure Blog Storage Catbox[.]moe Cloudflared MinIO OpenSSH Supabase VS Code Tunnel Yuze	Minidump Msiexec PowerShell Remoting (PSRemoting) PsExec RDP Patcher placeholder placeholder placeholder	RClone placeholder placeholder placeholder placeholder placeholder placeholder placeholder

YARA Rules (1)

Indicators of Compromise (IoCs) (4)

Hash SHA256 1 tox 3

Type	IOC
`Hash SHA256`	`da8de7257c6897d2220cdf9d4755b15aeb38715807e3665716d2ee761c266fdb`
`tox`	`3DCE1C43491FC92EA7010322040B254FDD2731001C2DDC2B9E819F0C946BDC3CD251FA3B694A`
`tox`	`84490152E99B9EC4BCFE16080AFCFD6FDCD87512027E85DB318F7B3440982637FC2847F71685`
`tox`	`F79A71AD8BB2E3E7EDFC38970FDC05E922E429B5DFC325C7D0E91F216DE8F3537C1A1C97F197`

Victims (78)

energogroup.net

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

bengineered.com.au

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

metro.local

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

cybervector.co.uk

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

Discovered: 2025-11-06 (6mo ago) · Attack est.: 2025-11-01

No description provided.…

atg.cz

Discovered: 2025-11-06 (6mo ago)

No description provided.…

Discovered: 2025-11-06 (6mo ago)

No description provided.…

Discovered: 2025-11-06 (6mo ago)

No description provided.…

Discovered: 2025-11-06 (6mo ago)

No description provided.…

sf.walltopia.com

Discovered: 2025-11-06 (6mo ago)

No description provided.…

Discovered: 2025-11-06 (6mo ago)

No description provided.…

Discovered: 2025-11-06 (6mo ago)

No description provided.…

silanosn.local

Discovered: 2025-11-06 (6mo ago)

No description provided.…

Discovered: 2025-09-23 (7mo ago)

all data…

Discovered: 2025-09-16 (8mo ago)

all data…

ferus-smit.home

Discovered: 2025-09-16 (8mo ago)

all data…

jubileelife.com

Discovered: 2025-09-16 (8mo ago)

all data…

Discovered: 2025-09-16 (8mo ago)

all data…

Discovered: 2025-09-16 (8mo ago)

all data…

elssurveying.com

Discovered: 2025-09-16 (8mo ago)

all data…

Discovered: 2025-09-16 (8mo ago)

all data…

okan.ru

Discovered: 2025-09-08 (8mo ago)

finance data…

Discovered: 2025-09-01 (8mo ago)

300G data…

Discovered: 2025-09-01 (8mo ago)

No description provided.…

airfastindonesia.com

Discovered: 2025-08-25 (8mo ago)

all user data…

Discovered: 2025-08-18 (9mo ago)

165g data, including internal documents, financial documents, employee information, CRM database, HR…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

woodboure

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

STRGOME

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

argeninta

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

houra

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

houxt

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-04

The data has been bought by other buyers (not victims)…

kipl

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-06-25

The customer has not paid, and there are no other buyers within the validity period, please enjoy yo…

nszi

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-06-25

The customer has not paid, and there are no other buyers within the validity period, please enjoy yo…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-09

all data…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-09

all data…

mysecop.com

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-29

all data…

atcmanufacturing

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-07-16

all data…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-09

This is only a part of the files and file list. The full set of files needs to be purchased separate…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-09

all data…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-09

all data…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-09

[AI generated] BrightWork.com is a project management software company that provides solutions for t…

starsalliance.com

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-06

The data has been purchased by other buyers…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-06

all data…

wytechnology.local

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-07

The data has been purchased by other buyers…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-08

all data…

rougine-mfg.com

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-08

all data…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-14

all data…

Discovered: 2025-08-17 (9mo ago) · Attack est.: 2025-08-15

all data…

Discovered: 2025-08-17 (9mo ago)

all data…

hitachi-hta.com

Discovered: 2025-08-17 (9mo ago)

all data…

Discovered: 2025-08-17 (9mo ago)

all data…

clearybuilding.us

Discovered: 2025-08-17 (9mo ago)

all data…

Discovered: 2025-08-17 (9mo ago)

1 million documents,The full set of files needs to be purchased separately.…

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-05-02

[AI generated] Currimjee Group is a Mauritian company engaged in diversified sectors since 1890. Its…

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-05-02

[AI generated] Via Optronics is a global technology company that specializes in the production of in…

iberol

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-10

[AI generated] N/A…

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-10

[AI generated] N/A…

KMMP

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-28

[AI generated] N/A…

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-30

[AI generated] Nippon India Mutual Fund (NIMF), previously known as Reliance Mutual Fund, is one of …

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-15

[AI generated] Unilever is a multinational corporation that sells branded consumer goods. Founded in…

Ersar

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-04

[AI generated] N/A…

NCVOO

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-04

[AI generated] N/A…

BTHK

Discovered: 2025-06-11 (11mo ago) · Attack est.: 2025-04-02

All data…

Discovered: 2025-06-11 (11mo ago)

[AI generated] Lactanet is an agricultural company that provides critical information and innovative…

ssi-mi

Discovered: 2025-06-11 (11mo ago)

[AI generated] N/A…

dad

Discovered: 2025-06-11 (11mo ago)

[AI generated] N/A…

Discovered: 2025-06-11 (11mo ago)

[AI generated] Astronika is a Polish company that specializes in high-tech engineering solutions, wi…

sras

Discovered: 2025-06-11 (11mo ago)

[AI generated] N/A…

icidesi

Discovered: 2025-06-11 (11mo ago)

[AI generated] N/A…

taos

Discovered: 2025-06-11 (11mo ago)

[AI generated] Taos is a technology services and consulting firm that specializes in cloud, DevOps, …

Discovered: 2025-06-11 (11mo ago)

[AI generated] Carducci is an esteemed fashion brand hailing from Cape Town, South Africa. Founded i…

Discovered: 2025-06-11 (11mo ago)

[AI generated] Arch-Con Corporation is a commercial construction company based in Houston, Texas. Th…