Lockean multi-RaaS affiliate linked to attacks against French businesses
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France's Computer Emergency Response Team.
Lockean activity was first noticed in 2020 when the actor hit a French company in the manufacturing sector and deployed DoppelPaymer ransomware on the network.
Between June 2020 and March 2021, Lockean attacked at least seven more companies with various ransomware families: Maze, Egregor, ProLock, and REvil.
Four additional companies, unnamed by CERT-FR, were identified as victims of Lockean from reports to ANSSI, France's national cybersecurity agency, and two incidents described by private organizations Intrinsec and The DFIR Report.
Looking at the indicators of compromise in the report, Valery Marchive of LeMagIT found several IP addresses related to Conti ransomware, indicating Lockean's affiliation with additional RaaS operations and targeting of businesses in other regions.
Lockean is the second ransomware affiliate identified this year.