LockBit Gang

Description

(Bleeping Computer) LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Joining the ransomware-as-a-service (RaaS) business in September 2019, LockBit is atypical in that it’s driven by automated processes for quick spreading across the victim network, identifying valuable systems and locking them up.

LockBit attacks leave few traces for forensic analysis as the malware loads into the system memory, with logs and supporting files removed upon execution.

Names

Name	Name-Giver
LockBit Gang	?
Bitwise Spider	CrowdStrike

Country

• Unknown

Motivation

• Financial gain

First Seen

2019

Observed Sectors

• Aviation
• Defense
• Energy
• Financial
• Healthcare
• Transportation

Observed Countries

• Worlwide

Tools

• 3AM
• CrackMapExec
• EmpireProject
• LockBit
• Mimikatz
• PsExec

Operations

• 2020-05: LockBit ransomware self-spreads to quickly encrypt 225 systems https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/
• 2020-08: Interpol: Lockbit ransomware attacks affecting American SMBs https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/
• 2020-09: LockBit ransomware launches data leak site to double-extort victims https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/
• 2020-12: Ransomware hits helicopter maker Kopter https://www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter/
• 2021-04: UK rail network Merseyrail likely hit by Lockbit ransomware https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/
• 2021-06: LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html
• 2021-08: Energy group ERG reports minor disruptions after ransomware attack https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
• 2021-08: LockBit ransomware recruiting insiders to breach corporate networks https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
• 2021-08: LockBit 2.0 ransomware incidents in Australia https://www.cyber.gov.au/acsc/view-all-content/alerts/lockbit-20-ransomware-incidents-australia
• 2021-08: Accenture confirms hack after LockBit ransomware data leak threats https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/
• 2021-08: LockBit Ransomware Wants to Hire Your Employees https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees
• 2021-08: Bangkok Air confirms passenger PII leak after ransomware attack https://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/
• 2021-09: LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment https://securityintelligence.com/posts/lockbit-ransomware-attacks-surge-affiliate-recruitment/
• 2021-10: LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting https://securityaffairs.co/wordpress/122892/cyber-crime/e-m-i-t-aviation-consulting-ransomware.html
• 2021-11: BlackMatter ransomware moves victims to LockBit after shutdown https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
• 2022-01: Infamous ransomware group claims it hacked France’s Justice Ministry https://www.politico.eu/article/infamous-ransomware-group-claims-it-hacked-frances-justice-ministry/
• 2022-01: LockBit ransomware gang claims PayBito crypto exchange as new victim https://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/
• 2022-02: Bridgestone Americas confirms ransomware attack, LockBit leaks data https://www.bleepingcomputer.com/news/security/bridgestone-americas-confirms-ransomware-attack-lockbit-leaks-data/
• 2022-02: Russia-Linked LockBit Gang Attacks an MSP and Two Manufacturers Using the Targets’ RMM Tools to Infect Downstream Customers and Employees with Ransomware https://www.esentire.com/blog/russia-linked-lockbit-ransomware-gang-attacks-an-msp-and-two-manufacturers-using-the-targets-rmm-tools-to-infect-downstream-customers-and-employees-with-ransomware
• 2022-03: Rail giant Wabtec discloses data breach after Lockbit ransomware attack https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/
• 2022-04: Rio de Janeiro finance department hit with LockBit ransomware https://therecord.media/rio-de-janeiro-finance-department-hit-with-lockbit-ransomware/
• 2022-04: Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack https://news.sophos.com/en-us/2022/08/10/lockbit-hive-and-blackcat-attack-automotive-supplier-in-triple-ransomware-attack/
• 2022-05: LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers. https://www.cyberscoop.com/lockbit-ransomware-attack-bulgarian-refugee-agency/
• 2022-05: Canadian fighter jet training company investigating ransomware attack https://therecord.media/top-aces-ransomware-attack-lockbit/
• 2022-05: Foxconn confirms ransomware attack disrupted production in Mexico https://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/
• 2022-06: Mandiant: “No evidence” we were hacked by LockBit ransomware https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
• 2022-06: LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed https://asec.ahnlab.com/en/35822/
• 2022-06: LockBit claims ransomware attack on security giant Entrust, leaks data https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/
• 2022-06: LockBit 3.0 introduces the first ransomware bug bounty program https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/
• 2022-07: French telecom company La Poste Mobile struggling to recover from ransomware attack https://therecord.media/french-telecom-company-la-poste-mobile-struggling-to-recover-from-ransomware-attack/
• 2022-07: Ransomware gang now lets you search their stolen data https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/
• 2022-07: LockBit claims ransomware attack on Italian tax agency https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-italian-tax-agency/
• 2022-07: The prolific Lockbit ransomware gang appears to have claimed another two scalps in recent days: the Canadian town of St Marys and the Italian tax agency. https://www.infosecurity-magazine.com/news/lockbit-ramps-up-attacks-on-public/
• 2022-08: LockBit ransomware gang gets aggressive with triple-extortion tactic https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/
• 2022-09: LockBit updates leak site with post about Sud-Francilien hospital https://www.databreaches.net/lockbit-updates-leak-site-with-post-about-sud-francilien-hospital/
• 2022-09: Virginia County Confirms Personal Information Stolen in Ransomware Attack https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack
• 2022-10: Microsoft Exchange servers hacked to deploy LockBit ransomware https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-lockbit-ransomware/
• 2022-10: Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted https://securityaffairs.co/wordpress/137243/cyber-crime/oomiya-lockbit-3-0-ransomware.html
• 2022-10: Pendragon car dealer refuses $60 million LockBit ransomware demand https://www.bleepingcomputer.com/news/security/pendragon-car-dealer-refuses-60-million-lockbit-ransomware-demand/
• 2022-11: LockBit ransomware claims attack on Continental automotive giant https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/
• 2022-11: LockBit 3.0 gang claims to have stolen data from Kearney & Company https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html
• 2022-11: LockBit 3.0 Says It’s Holding a Canadian City for Ransom https://www.bankinfosecurity.com/lockbit-30-says-its-holding-canadian-city-for-ransom-a-20529
• 2022-11: LockBit takes credit for November ransomware attack on Sacramento PBS station https://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/
• 2022-12: LockBit claims attack on California’s Department of Finance https://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/
• 2022-12: LockBit ransomware used in attack on Ohio town’s court, police department and more https://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/
• 2022-12: Port of Lisbon website still down as LockBit gang claims cyberattack https://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/
• 2022-12: LockBit 3.0 gives Sick Kids free decryptor, claims to ban partner who attacked them https://www.databreaches.net/breaking-lockbit-3-0-gives-sick-kids-free-decryptor-claims-to-ban-partner-who-attacked-them/
• 2022-12: Los Angeles’ Housing Authority hit by LockBit https://www.databreaches.net/los-angeles-housing-authority-hit-by-lockbit-claim/
• 2023-01: LockBit ransomware gang claims Royal Mail cyberattack https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-claims-royal-mail-cyberattack/
• 2023-01: LockBit ransomware goes ‘Green,’ uses new Conti-based encryptor https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
• 2023-02: LockBit gang takes credit for attack on water utility in Portugal https://therecord.media/porto-portugal-water-utility-cyberattack-lockbit
• 2023-02: Washington state public bus system confirms ransomware attack https://therecord.media/pierce-transit-washington-ransomware-attack-lockbit
• 2023-02: LockBit ransomware gang now also claims City of Oakland breach https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-now-also-claims-city-of-oakland-breach/
• 2023-02: LockBit Green and phishing that targets organizations https://securelist.com/crimeware-report-lockbit-switchsymb/110068/
• 2023-03: LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/
• 2023-03: LockBit ransomware claims Essendant attack, company says “network outage” https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-essendant-attack-company-says-network-outage-/
• 2023-03: Data stolen from Florida sheriff’s office leaked by LockBit ransomware group https://therecord.media/florida-sheriff-data-leak-lockbit-ransomware
• 2023-03: LockBit leaks data stolen from the South Korean National Tax Service https://securityaffairs.com/144342/cyber-crime/lockbit-south-korean-national-tax-service.html
• 2023-04: Darktrace: Investigation found no evidence of LockBit breach https://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/
• 2023-04: LockBit ransomware encryptors found targeting Mac devices https://www.bleepingcomputer.com/news/security/lockbit-ransomware-encryptors-found-targeting-mac-devices/
• 2023-04: Microsoft: Clop and LockBit ransomware behind PaperCut server hacks https://www.bleepingcomputer.com/news/security/microsoft-clop-and-lockbit-ransomware-behind-papercut-server-hacks/
• 2023-04: LockBit 3.0 Leaks 600 GBs of Data Stolen From Indian Lender https://www.bankinfosecurity.com/lockbit-30-leaks-600-gbs-data-stolen-from-indian-lender-a-22010
• 2023-04: Royal Dutch Football Association says hackers stole employee data https://therecord.media/netherlands-dutch-football-association-cyberattack-soccer https://therecord.media/dutch-football-association-paid-ransom-lockbit
• 2023-05: LockBit Leaks 1.5TB of Data Stolen From Indonesia’s BSI Bank https://www.bankinfosecurity.com/lockbit-leaks-15tb-data-stolen-from-indonesias-bsi-bank-a-22110
• 2023-05: Kyocera AVX says ransomware attack impacted 39,000 individuals https://www.bleepingcomputer.com/news/security/kyocera-avx-says-ransomware-attack-impacted-39-000-individuals/
• 2023-06: Zipper giant YKK confirms cyberattack targeted U.S. networks https://therecord.media/ykk-zipper-manufacturer-cyberattack-us-operations
• 2023-06: TSMC denies LockBit hack as ransomware gang demands $70 million https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/
• 2023-07: Wisconsin county dealing with ‘catastrophic software failure’; California city declares ransomware emergency https://therecord.media/wisconsin-county-dealing-with-software-failure
• 2023-07: Russia-linked cybercriminals target school for children with learning difficulties https://therecord.media/russian-cybercriminals-target-uk-school
• 2023-08: The LockBit ransomware group threatens to leak medical data of cancer patients stolen from Varian Medical Systems https://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html
• 2023-08: Sensitive Data about UK Military Sites Potentially Leaked by LockBit https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/
• 2023-08: California city investigating data theft after ransomware group’s claims https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit
• 2023-08: Siemens Healthineers responds to alleged data theft by LockBit ransomware gang https://therecord.media/siemens-healthineers-alleged-ransomware-incident-lockbit
• 2023-08: Spain warns of LockBit Locker ransomware phishing attacks https://www.bleepingcomputer.com/news/security/spain-warns-of-lockbit-locker-ransomware-phishing-attacks/
• 2023-08: Montreal electricity organization latest victim in LockBit ransomware spree https://therecord.media/montreal-electricity-organization-lockbit-victim
• 2023-08: The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM) https://securityaffairs.com/150247/cyber-crime/lockbit-ransomware-csem.html
• 2023-08: Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
• 2023-09: CDW data to be leaked next week after negotiations with LockBit break down https://www.theregister.com/2023/10/06/cdw_lockbit_negotiations/
• 2023-09: Alleged LockBit attack shuts down city networks in Seville https://therecord.media/lockbit-cyberattack-shuts-down-networks-in-seville-spain
• 2023-09: Virginia school district open despite LockBit ransomware attack https://therecord.media/virginia-school-district-open-lockbit
• 2023-09: 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
• 2023-09: Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack https://therecord.media/upstate-new-york-hospitals-ransomware-attack
• 2023-10: Freight giant Estes refuses to deliver ransom, says personal data opened and stolen https://www.theregister.com/2024/01/03/estes_ransomware/
• 2023-10: Boeing confirms cyberattack amid LockBit ransomware claims https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/ https://www.bleepingcomputer.com/news/security/lockbit-ransomware-leaks-gigabytes-of-boeing-data/
• 2023-10: California community college Río Hondo dealing with cybersecurity incident https://therecord.media/california-college-rio-hondo-cyberattack
• 2023-11: Industrial and Commercial Bank of China dealing with LockBit ransomware attack https://therecord.media/icbc-dealing-with-ransomware-attack
• 2023-11: Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack https://www.darkreading.com/cyberattacks-data-breaches/fawry-recovering-from-lockbit-ransomware-attack-
• 2023-11: LockBit ransomware group assemble strike team to breach banks, law firms and governments https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee?gi=af98d89a956a
• 2023-11: Canadian government discloses data breach after contractor hacks https://www.bleepingcomputer.com/news/security/canadian-government-discloses-data-breach-after-contractor-hacks/
• 2023-11: Capital Health attack claimed by LockBit ransomware, risk of data leak https://www.bleepingcomputer.com/news/security/capital-health-attack-claimed-by-lockbit-ransomware-risk-of-data-leak/
• 2023-11: Infosys McCamish says LockBit stole data of 6 million people https://www.bleepingcomputer.com/news/security/infosys-mccamish-says-lockbit-stole-data-of-6-million-people/
• 2023-12: Shoe retailer Aldo says LockBit posting is related to system at franchise partner https://therecord.media/aldo-franchise-partner-lockbit-ransomware-posting
• 2023-12: LockBit ransomware now poaching BlackCat, NoEscape affiliates https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/
• 2023-12: The ransomware attack on Westpole is disrupting digital services for Italian public administration https://securityaffairs.com/156090/cyber-crime/westpole-ransomware-attack.html
• 2023-12: LockBit ransomware gang claims to have breached accountancy firm Xeinadin https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html
• 2023-12: Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/
• 2023-12: December cyberattack on Chicago community hospital claimed by LockBit gang https://therecord.media/ransomware-saint-anthony-hospital-chicago
• 2024-01: Taiwanese semiconductor company hit by ransomware attack https://therecord.media/foxsemicon-ransomware-attack-taiwan
• 2024-01: LockBit Ransomware Distributed via Word Files Disguised as Resumes https://asec.ahnlab.com/en/60633/
• 2024-01: Subway Puts a LockBit Investigation on the Menu https://www.darkreading.com/cyberattacks-data-breaches/subway-lockbit-investigation-on-menu
• 2024-01: California union confirms ransomware attack following LockBit claims https://therecord.media/california-union-lockbit-attack-ransomware
• 2024-01: LockBit Attempts to Stay Afloat With a New Version https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
• 2024-02: LockBit claims ransomware attack on Fulton County, Georgia https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-fulton-county-georgia/ https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/
• 2024-02: Jacksonville Beach and other US municipalities report data breaches following cyberattacks https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks
• 2024-02: LockBit takes credit for February shutdown of South African pension fund https://therecord.media/lockbit-ransomware-takes-credit-for-south-african-pension-fund-attack
• 2024-02: LockBit ransomware returns, restores servers after police disruption https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/ https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/
• 2024-03: Ransomware Talent Surges to Akira After LockBit’s Demise https://www.bankinfosecurity.com/ransomware-talent-surges-to-akira-after-lockbits-demise-a-24583
• 2024-03: Pharmaceutical development company investigating cyberattack after LockBit posting https://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit
• 2024-04: DC city agency says LockBit claims tied to third-party attack https://therecord.media/dc-city-agency-ransomware-attack-lockbit
• 2024-04: French hospital CHC-SV refuses to pay LockBit extortion demand https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/
• 2024-04: LockBit says they stole data in London Drugs ransomware attack https://www.bleepingcomputer.com/news/security/lockbit-says-they-stole-data-in-london-drugs-ransomware-attack/
• 2024-05: City of Wichita breach claimed by LockBit ransomware gang https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/
• 2024-05: New LockBit Black Campaign Observed https://www.cyber.nj.gov/Home/Components/News/News/1312/214?fsiteid=2&loadingmode=PreviewContent
• 2024-06: LockBit lied: Stolen data is from a bank, not US Federal Reserve https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/ https://www.bleepingcomputer.com/news/security/affirm-says-cardholders-impacted-by-evolve-bank-data-breach/
• 2024-06: Toronto school board confirms students’ info stolen as LockBit claims breach https://therecord.media/toronto-school-district-board-ransomware
• 2024-07: LockBit group claims the hack of the Fairfield Memorial Hospital in the US https://securityaffairs.com/165162/cyber-crime/lockbit-ransomware-fairfield-memorial-hospital.html
• 2024-12: Siberia’s largest dairy plant reportedly disrupted with LockBit variant https://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant
• 2025-02: LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat https://securityaffairs.com/174639/cyber-crime/lockbit-taunts-fbi-director-kash-patel.html
• 2025-04: Physicians’ billing and revenue management firm hit by LockBit https://databreaches.net/2025/04/10/physicians-billing-and-revenue-management-firm-hit-by-lockbit/

Counter Operations

• 2022-08: LockBit ransomware blames Entrust for DDoS attacks on leak sites https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/
• 2022-09: LockBit ransomware builder leaked online by “angry developer” https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/
• 2022-11: Man Charged for Participation in LockBit Global Ransomware Campaign https://www.justice.gov/opa/pr/man-charged-participation-lockbit-global-ransomware-campaign
• 2023-06: Suspected LockBit ransomware affiliate arrested, charged in US https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-affiliate-arrested-charged-in-us/
• 2023-08: Lockbit leak, research opportunities on tools leaked from TAs https://securelist.com/lockbit-ransomware-builder-analysis/110370/
• 2023-12: Alleged LockBit operator to face new cybercrime charges in Canada https://therecord.media/lockbit-operator-to-face-new-charges-canada
• 2024-02: Operation “Cronos” Law enforcement disrupt world’s biggest ransomware operation https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation https://therecord.media/lockbit-administrator-engaging-with-police
• 2024-02: US offers $15 million bounty for info on LockBit ransomware gang https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/
• 2024-03: LockBit ransomware affiliate gets four years in jail, to pay $860k https://www.bleepingcomputer.com/news/security/lockbit-ransomware-affiliate-gets-four-years-in-jail-to-pay-860k/
• 2024-05: LockBit’s seized darknet site resurrected by police, teasing new revelations https://therecord.media/lockbit-ransomware-gang-seized-site-reappears-teasing-new-information
• 2024-05: LockBit leader unmasked and sanctioned https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit
• 2024-06: Police arrest Conti and LockBit ransomware crypter specialist https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/
• 2024-07: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group
• 2024-10: LockBit power cut: four new arrests and financial sanctions against affiliates https://www.europol.europa.eu/media-press/newsroom/news/lockbit-power-cut-four-new-arrests-and-financial-sanctions-against-affiliates
• 2024-12: US seeks extradition of alleged LockBit ransomware developer from Israel https://therecord.media/lockbit-suspect-rostislav-panev-us-seeks-extradition-israel https://therecord.media/us-unseals-lockbit-complaint-israel https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/
• 2025-05: LockBit ransomware gang hacked, victim negotiations exposed https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/ https://analyst1.com/lockbit-got-hacked-again-uncovering-insights-into-the-leaked-data/ https://www.ontinue.com/resource/inside-lockbit-inner-workings-of-ransomware-giant/ https://www.trellix.com/blogs/research/inside-the-lockbits-admin-panel-leak-affiliates-victims-and-millions-in-crypto/

Information

• https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/
• https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf
• https://therecord.media/ransomware-diaries-undercover-with-the-leader-of-lockbit/
• https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/
• https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
• https://medium.com/@lcam/lighting-the-exfiltration-infrastructure-of-a-lockbit-affiliate-and-more-f57fbb7a4e79
• https://analyst1.com/blog-negotiating-with-lockbit-uncovering-the-evolution-of-operations-and-newly-established-rules/
• https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
• https://redsense.com/publications/lockbit-story-a-three-year-investigative-journey/
• https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-has-over-110-million-in-unspent-bitcoin/
• https://www.resecurity.com/blog/article/lockbit-30s-bungled-comeback-highlights-the-undying-risk-of-torrent-based-data-leakage
• https://blog.talosintelligence.com/ransomware-affiliate-model/
• https://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on
• https://www.trendmicro.com/en_us/research/24/d/operation-cronos-aftermath.html
• https://www.trellix.com/blogs/research/the-lockbits-attempt-to-stay-relevant-its-imposters-and-new-opportunistic-ransomware-groups/

Other Information

Uuid

1c9dfb2e-ae8a-43f1-8b60-bcf36d669edf

Last Card Change

2025-06-30