LockBit Ransomware Group
| Actor Type | Criminal Group |
|---|
The LockBit Ransomware Group operate a 'Ransomware-as-a-Service' offering which first emerged around 2019. According to reports the first version of LockBit ransomware was released in 2019 and originally known as 'ABCD', subsequent versions include LockBit 2.0, LockBit 3.0 and LockBit Green. In 2022 the LockBit builder was leaked which spawned multiple other ransomware strains including 'Bl00dy', 'Darkrace' and 'Brain Spider'.
In February 2024, the group's operations were targeted in a disruption campaign named 'Operation Cronos' by the UK's National Cyber Security Agency, the FBI and international law enforcement partners.
The group has targeted thousands of victims and caused losses amounting to billions of dollars. Victims have been observed across multiple sectors including healthcare, education, government and manufacturing.
Cyber Threat Graph Context
Explore how this Intrusion Set relates to the wider threat graph
LockBit Ransomware Group Threat Reports
#StopRansomware: LockBit 3.0
This #StopRansomware Cybersecurity Advisory from CISA and partners describes the operations associated with LockBit 3.0 which operates as a ...
References
www.cisa.gov
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165anews.sky.com
https://news.sky.com/story/lockbit-ransomware-gangs-origins-tactics-and-past-targets-and-what-next-after-policing-breakthrough-13075988unit42.paloaltonetworks.com
https://unit42.paloaltonetworks.com/lockbit-2-ransomware/nationalcrimeagency.gov.uk
https://nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-groupblog.talosintelligence.com
https://blog.talosintelligence.com/ransomware-affiliate-model/www.cisa.gov
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075aMITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.