APT / THREAT GROUP | 💰 FINANCIAL | HIGH

InfinityLock

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

InfinityLock ransomware is a type of malicious software that encrypts a victim's files and demands a ransom payment in order to decrypt them. It is spread through phishing emails and malicious websites. Once a computer is infected with InfinityLock, it encrypts all important files, such as documents, photos, and videos. It then displays a message that demands the victim pay a ransom of $1,000 in Bitcoin in order to decrypt the files. If the victim does not pay the ransom, the files will be lost permanently.

Threat Analysis

InfinityLock is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations whose primary motivation is financial.

Financially motivated threat actors like InfinityLock prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, InfinityLock is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Aliases: 2

Also Known As

win.infinitylock
InfinityLock

External Intelligence

Malpedia: win.infinitylock

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.