Ransomware - 2023Lock

2023Lock
Decryptor Available
No
Description

2023Lock is the third (technically fourth) in a line of ransomware that began with Zeoticus in December 2019. Zeoticus was followed by Zeoticus 2.0 and then Venus, which is remarkably different from Zeoticus, hence the mention of "technically fourth." 2023Lock uses the same encryption mechanisms as Zeoticus and Zeoticus 2.0: XChaCha combined with curve25519xsalsa20poly1305. After encryption, 2023Lock appends the ".2023lock" file extension to files and drops two ransom notes: README.html and README.txt. It also drops an HTA file to provide decryption instructions. 2023Lock is very similar to TrinityLock, which followed 2023Lock, so much so that the two are often both just called TrinityLock. However, we see 2023Lock as more of a TrinityLock beta. As such, we have created this entry here.

Ransomware Type
Crypto-Ransomware
First Seen
Last Seen
Lineage
Encryption
Type
Hybrid
Files
XChaCha20
Additional Encryption
curve25519xsalsa20poly1305
File Extension
<file name>.<file extension>.2023lock
Ransom Note Name
<20 random numbers>.hta
README.html
README.txt
Samples (SHA-256)
a144e13c33e96b8fb6ed3b3849a613645554a14b000c316241f3bcdde74a83d1
References & Publications