GD LockerSec is a little-documented ransomware-associated name that has appeared in reporting as a possible affiliate or peripheral actor in the contemporary ransomware ecosystem. It has been referenced among ransomware impersonator or scam-style entities and has also surfaced in unverified cooperation claims involving names such as Bjorka and Babuk 2.0. Available information does not support a high-confidence assessment that GD LockerSec is a mature, distinct ransomware operation with a well-established victimology, malware lineage, or operational history. The actor is also referenced under the alias gd_lockersec. Current reporting suggests possible positioning around ransomware branding, affiliate activity, or opportunistic reputation piggybacking rather than a clearly attributable, standalone intrusion set. Because the available evidence is sparse and partly associated with deception-prone corners of the cybercriminal ecosystem, claims about partnerships, capabilities, or campaign scope should be treated cautiously. There is currently not enough high-confidence public information to reliably characterize GD LockerSec’s tooling, preferred initial access methods, extortion model, geographic focus, or state affiliation. No corroborated evidence presently establishes it as a nation-state actor. The most defensible assessment is that GD LockerSec is an obscure and weakly substantiated ransomware-linked persona or group name that has circulated in underground and reporting contexts, including possible affiliate references and scam or impersonation associations.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
1 malware family attributed to this actor across reporting.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Likely impersonator or scam-oriented ransomware brand participating in recycled-data and reputational-arbitrage activity.
Named as a possible Babuk2 affiliate based on leak-site collaboration indicators; no further details provided.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.