Version française : 🇫🇷


Based on incidents reported to the ANSSI and their commonalities, investigations were carried out by the Agency to confirm the existence of a single cyber criminal group responsible for these incidents, understand its modus operandi and distinguish its techniques, tactics and procedures (TTPs). First observed in June 2020, this group named Lockean is thought to have affiliated with several Ransomware-as-a-Service (RaaS) including DoppelPaymer, Maze, Prolock, Egregor and Sodinokibi. Lockean has a propensity to target French entities under a Big Game Hunting rationale.

Indicators of compromise are available in structured formats on the page CERTFR-2021-IOC-004.