LockBit Ransomware Group

Actor Type Criminal Group

The LockBit Ransomware Group operate a 'Ransomware-as-a-Service' offering which first emerged around 2019. According to reports the first version of LockBit ransomware was released in 2019 and originally known as 'ABCD', subsequent versions include LockBit 2.0, LockBit 3.0 and LockBit Green. In 2022 the LockBit builder was leaked which spawned multiple other ransomware strains including 'Bl00dy', 'Darkrace' and 'Brain Spider'.

In February 2024, the group's operations were targeted in a disruption campaign named 'Operation Cronos' by the UK's National Cyber Security Agency, the FBI and international law enforcement partners.

The group has targeted thousands of victims and caused losses amounting to billions of dollars. Victims have been observed across multiple sectors including healthcare, education, government and manufacturing.

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

LockBit Ransomware Group Threat Reports

Report

#StopRansomware: LockBit 3.0

This #StopRansomware Cybersecurity Advisory from CISA and partners describes the operations associated with LockBit 3.0 which operates as a ...

References

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.