← Back to Ransomware Chk

Warlock

Active
The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is also known to have deployed LockBit ransomware. There's also a crossover between victims with Black Basta. Both are RaaS and have a long list of known and unknown affiliates. Having said that, this is possibly an affiliate (likely a cybergroup) of both of those groups. The Alliance & Association would technically be Encryptor Sharing, but this is realistically more of an "Old Affiliate" that created their own ransomware encryptor and operation.
78 Victims
Jun 11, 2025 First Discovered
Nov 6, 2025 Last Discovered
179 Days Inactive
27.7% Infostealer
1/4 Sites Online
Top Countries
US 15
JP 5
RU 5
GB 5
PL 3
CA 2
NL 2
TR 2
DK 2
FR 2
Top Sectors
Technology 21
Financial Services 4
Manufacturing 3
Construction 3
Telecommunication 3
Healthcare 2
Agriculture and Food Production 2
Consumer Services 2
Energy 1
Transportation/Logistics 1
Known Locations (4)
Warlock Client Leaked Data Show
elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion
ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion
WarLock Client Data Leak Show
zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion
WarLock Client Data Leak Show
warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion
Tools Used
CredentialTheft
Mimikatz, Veeam-Get-Creds
DefenseEvasion
VMTools AV Killer (BYOVD)
DiscoveryEnum
SecurityCheck
LOLBAS
Minidump
Networking
Cloudflared, MinIO, OpenSSH, VS Code Tunnel
Offsec
Velociraptor
RMM-Tools
Radmin
Victims (78)
atg.cz
CZ Technology Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
tein.co.jp
JP Technology Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
bel.quadra.ru
RU Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
ippm.org
GB Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
sf.walltopia.com
US Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
nartis.ru
RU Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
alphasys.bo
BO Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
silanosn.local
Discovered: Nov 6, 2025 · Attack est.: Nov 6, 2025
No description provided.
energogroup.net
RU Energy Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
goldenline.com
PL Technology Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
bengineered.com.au
AU Technology Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
mnpease.ca
CA Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
metro.local
Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
cybervector.co.uk
GB Technology Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
fabrity.local
PL Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
miltech.local
IS Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
mytune.me
MY Discovered: Nov 6, 2025 · Attack est.: Oct 31, 2025
No description provided.
siball.net
RU Technology Discovered: Sep 23, 2025 · Attack est.: Sep 23, 2025
all data
chroma.com.tw
TW Technology Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
ferus-smit.home
NL Manufacturing Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
jubileelife.com
PK Financial Services Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
kmssa.net
SA Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
webville.net
US Technology Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
elssurveying.com
US Construction Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
medkar.com
TR Healthcare Discovered: Sep 16, 2025 · Attack est.: Sep 16, 2025
all data
okan.ru
RU Financial Services Discovered: Sep 8, 2025 · Attack est.: Sep 8, 2025
finance data
mffood.com
DK Agriculture and Food Production Discovered: Sep 1, 2025 · Attack est.: Sep 1, 2025
300G data
gmpc.com
US Discovered: Sep 1, 2025 · Attack est.: Sep 1, 2025
No description provided.
airfastindonesia.com
ID Transportation/Logistics Discovered: Aug 25, 2025 · Attack est.: Aug 25, 2025
all user data
tagorg.com
JO Business Services Discovered: Aug 17, 2025 · Attack est.: Aug 17, 2025
all data
hitachi-hta.com
JP Technology Discovered: Aug 17, 2025 · Attack est.: Aug 17, 2025
all data
primrose.com
GB Education Discovered: Aug 17, 2025 · Attack est.: Aug 17, 2025
all data
clearybuilding.us
US Construction Discovered: Aug 17, 2025 · Attack est.: Aug 17, 2025
all data
wfd2027uae.ae
AE Discovered: Aug 17, 2025 · Attack est.: Aug 14, 2025
all data
magcpa.com
US Financial Services Discovered: Aug 17, 2025 · Attack est.: Aug 13, 2025
all data
colt.net
GB Telecommunication Discovered: Aug 17, 2025 · Attack est.: Aug 11, 2025
1 million documents,The full set of files needs to be purchased separately.
accsnet.com
JP Technology Discovered: Aug 17, 2025 · Attack est.: Aug 8, 2025
all data
advion.com
US Technology Discovered: Aug 17, 2025 · Attack est.: Aug 8, 2025
all data
anthembio.com
US Healthcare Discovered: Aug 17, 2025 · Attack est.: Aug 8, 2025
all data
syspro.com
US Technology Discovered: Aug 17, 2025 · Attack est.: Aug 8, 2025
all data
brightwork.com
US Technology Discovered: Aug 17, 2025 · Attack est.: Aug 8, 2025
[AI generated] BrightWork.com is a project management software company that provides solutions for teams and organizations to manage and track their projects. It offers templates, reports, role-based dashboards, risk management...
webcids.com
US Technology Discovered: Aug 17, 2025 · Attack est.: Aug 7, 2025
all data
rougine-mfg.com
US Manufacturing Discovered: Aug 17, 2025 · Attack est.: Aug 7, 2025
all data
wytechnology.local
Technology Discovered: Aug 17, 2025 · Attack est.: Aug 6, 2025
The data has been purchased by other buyers
starsalliance.com
Discovered: Aug 17, 2025 · Attack est.: Aug 5, 2025
The data has been purchased by other buyers
sipecom.com
EC Technology Discovered: Aug 17, 2025 · Attack est.: Aug 5, 2025
all data
infoniqa.com
AT Technology Discovered: Aug 18, 2025 · Attack est.: Aug 3, 2025
165g data, including internal documents, financial documents, employee information, CRM database, HR database, SaaS database
mysecop.com
Technology Discovered: Aug 17, 2025 · Attack est.: Jul 28, 2025
all data
orange.com
FR Telecommunication Discovered: Aug 17, 2025 · Attack est.: Jul 24, 2025
This is only a part of the files and file list. The full set of files needs to be purchased separately.
atcmanufacturing
US Manufacturing Discovered: Aug 17, 2025 · Attack est.: Jul 15, 2025
all data
gmtaconline
PH Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
woodboure
Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
STRGOME
Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
argeninta
Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
houra
FR Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
houxt
GB Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
getdomain
DK Discovered: Aug 17, 2025 · Attack est.: Jul 3, 2025
The data has been bought by other buyers (not victims)
kipl
IN Discovered: Aug 17, 2025 · Attack est.: Jun 24, 2025
The customer has not paid, and there are no other buyers within the validity period, please enjoy your data
nszi
HR Discovered: Aug 17, 2025 · Attack est.: Jun 24, 2025
The customer has not paid, and there are no other buyers within the validity period, please enjoy your data
lactanet
CA Agriculture and Food Production Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] Lactanet is an agricultural company that provides critical information and innovative solutions to dairy farmers to optimize the health and productivity of their herds. Formed through a merger...
ssi-mi
JP Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] N/A
dad
Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] N/A
astronika
PL Technology Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] Astronika is a Polish company that specializes in high-tech engineering solutions, with a particular focus on space technologies. Their main activities include research, design, and development of advanced...
sras
Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] N/A
icidesi
TR Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] N/A
taos
US Technology Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] Taos is a technology services and consulting firm that specializes in cloud, DevOps, and security solutions. Headquartered in San Jose, CA, they work with clients across various industries,...
carducci
ZA Consumer Services Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] Carducci is an esteemed fashion brand hailing from Cape Town, South Africa. Founded in 1978, it specializes in sophisticated menswear, particularly business and casual wear, tailored suits, accessories,...
Arch-con
US Construction Discovered: Jun 11, 2025 · Attack est.: Jun 11, 2025
[AI generated] Arch-Con Corporation is a commercial construction company based in Houston, Texas. They work across various market sectors such as office, retail, healthcare, hospitality, industrial, and many more. Arch-Con...
currimjee
MU Telecommunication Discovered: Jun 11, 2025 · Attack est.: May 1, 2025
[AI generated] Currimjee Group is a Mauritian company engaged in diversified sectors since 1890. Its sectors include Telecommunications, Media & IT, Energy, Real Estate, Tourism, Food & Beverages, Financial Services,...
via-optronics
DE Technology Discovered: Jun 11, 2025 · Attack est.: May 1, 2025
[AI generated] Via Optronics is a global technology company that specializes in the production of interactive display systems and digital components. The company provides solutions such as enhanced displays, touch...
nipponindiaim
IN Financial Services Discovered: Jun 11, 2025 · Attack est.: Apr 29, 2025
[AI generated] Nippon India Mutual Fund (NIMF), previously known as Reliance Mutual Fund, is one of the leading mutual fund companies in India. It is part of Nippon Life India...
KMMP
JP Discovered: Jun 11, 2025 · Attack est.: Apr 27, 2025
[AI generated] N/A
unilever
NL Consumer Services Discovered: Jun 11, 2025 · Attack est.: Apr 14, 2025
[AI generated] Unilever is a multinational corporation that sells branded consumer goods. Founded in 1929 and based in London, England and Rotterdam, Netherlands, their products range across food, beverages, cleaning...
iberol
ES Discovered: Jun 11, 2025 · Attack est.: Apr 9, 2025
[AI generated] N/A
eira-group
FI Discovered: Jun 11, 2025 · Attack est.: Apr 9, 2025
[AI generated] N/A
Ersar
PT Discovered: Jun 11, 2025 · Attack est.: Apr 3, 2025
[AI generated] N/A
NCVOO
BM Discovered: Jun 11, 2025 · Attack est.: Apr 3, 2025
[AI generated] N/A
BTHK
HK Discovered: Jun 11, 2025 · Attack est.: Apr 1, 2025
All data
Source: Ransomware.live | Data cached and served by Digital Checkmark IT Services | Ransomware Chk