Official forum for Utopia Community
You are not logged in.
Nowadays, LockBit ransomware is the most dynamic and successful cybercrime structure in the world. LockBit is attributed to a Russian threat actor and emerged from the shadow of the Conti ransomware group, which disbanded in early 2022.
LockBit ransomware was first detected in September 2019 and was previously known as ABCD ransomware due to the ".abcd virus" extension which was first observed. LockBit operates on a ransomware-as-a-service (RaaS) model. In a nutshell, this means that affiliates make a deposit to use the tool and then split the ransom payment with the LockBit group. It has been reported that some affiliates receive up to 75% share. The operators of LockBit have posted advertisements for their affiliate program on Russian-language crime forums stating that they will not operate in Russia or the CIS countries, nor work with English-speaking developers unless a Russian-speaking "voucher" vouches for them.
Initial attack vectors of LockBit include social engineering, such as phishing, spear phishing, and business email compromise (BEC), exploiting public-facing applications, hiring initial access brokers" (IABs), and using stolen credentials to access valid accounts, such as remote desktop protocol (RDP), as well as brute-force cracking attacks.
During last year's Global Threat Forecast webinar, hosted by SecurityHQ, we identified LockBit as a significant threat and highlighted them as a Threat Actor to pay close attention to during 2022.
LockBit Targets#
LockBit has typically focused attacks on government entities and enterprises in a variety of sectors, such as healthcare, financial services, and industrial goods and services. The ransomware has been observed targeting countries globally, including the US, China, India, Indonesia, Ukraine, France, the UK, and Germany.
Another interesting feature of LockBit is that it is programmed in a way that it cannot be used in attacks against Russia or CIS countries (Commonwealth of Independent States). This is likely a precautionary measure taken by the group to avoid any potential backlash from the Russian government.
Offline