JupiterLock Active
Ransomware group first observed in 2017. Uses ConnectWise for deployment.
Total Victims: 0
First Seen: 2017-10-01
Last Seen: 2026-02-08
Known TTPs: 10
Avg Delay: 28.9d
Negotiations: 0
ONION URLS
ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion
TOOLS
ConnectWise
Cloudflare Tunnel
Ligolo
PowerShell Empire
Rclone
FILE EXTENSIONS
.crypt
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1110.003 | Password Spraying | Credential Access |
| T1218.011 | Rundll32 | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1018 | Remote System Discovery | Discovery |
| T1049 | System Network Connections Discovery | Discovery |
| T1059.001 | PowerShell | Execution |
| T1059.006 | Python | Execution |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1566.002 | Spearphishing Link | Initial Access |
No YARA rules
No ransom notes