The LockBit ransomware was first discovered in September 2019. It was previously known as ABCD because of the ".abcd" extension given to encrypted files. The LockBit group currently uses malware of the same name and operates on a ransomware-as-a-service (RaaS) model, which means partners make a deposit to use the tool and then share the ransom with LockBit operators. It is well known that some partners receive a share of up to 75%.
LockBit's initial attack vectors include social engineering such as phishing, spear-phishing and business email compromise (BEC), exploitation of public-facing applications, hiring Initial Access Brokers (IABs), and using stolen credentials to access valid accounts, as well as brute-force attacks.
During last year's Global Threat Forecast webinar hosted by SecurityHQ, the LockBit group was identified as a serious threat, and it was decided that increased attention should be paid to its attacks. LockBit attacks are typically targeted at government agencies and businesses in healthcare, finance, industrial products, services, and more. The group's victims are most often in the United States, China, India, Indonesia, Ukraine, France, Great Britain and Germany.
Another interesting feature of LockBit is that it is programmed in such a way that it cannot be used to attack Russia or the CIS countries. This hints at the origin of the group.
In 2022, the LockBit group claimed more successful attacks than any other ransomware gang. In the chart below, you can also see a clear drop in the activity of the once very widespread Conti group. Reportedly, its members now work in the BlackBasta, BlackByte, and Karakurt ransomware groups.
The chart below shows how active LockBit was overall last year compared to other ransomware groups.
One of the unique features of LockBit is its Bug Bounty program. The group is offering a $1 million reward to anyone who can identify the authors or operators of the program. This is a significant amount and shows how serious LockBit is about maintaining its anonymity.
Overall, the LockBit ransomware group is a powerful and sophisticated cybercriminal organization that poses a serious threat to businesses and organizations around the world. Thanks to its well-established RaaS model, as well as its Bug Bounty program, LockBit is a force to be reckoned with in the darknet world.