Two commercial entities, La Prensa and ALDO Shoes, got hit with the LockBit ransomware. One of them in located in Nicaragua and one in Canada. The attacks appear to be financially motivated, which is common for LockBit attacks.
LockBit first came to prominence in 2019 under the name of ABCD due to the file extension they were using (.abcd). The group’s most recent attack falls in line with the organization’s general MO.
LockBit prefers to avoid large enterprises, which is why under 20% of the attacks are aimed at major players. Most victims are relatively low-profile organizations, either small or medium-sized enterprises. The attacks are almost always financially motivated.
The news about the latest attack was posted by LockBit itself on the organization’s official website on Exploit. This is where they announce upcoming attacks, post recent hits, and even publish the sensitive data of those who refuse to pay.
We believe security online security matters and its our mission to make it a safer place.
LockBit only appears interested in immediate financial gains. The organization distances itself from any political affiliations or ideologies of any type. The group’s effectiveness and success rate quickly attracted the attention of other ransomware actors.
Evil Corp began using LockBit in 2022 thanks to its reliability and cost-effective profile. BlackMatter, another ransomware group, was dissolved in 2021 due to the law enforcement targeting it. The database of victims was transferred to LockBit which took over the task of extorting them.
Maze, another famous ransomware actor also started collaborating with LockBit in 2020 in a joint operation hoping to expand their influence and power. The move quickly drew in even more names along the way.
LockBit now ranks as one of the most effective ransomware groups with a low profile and a very complex approach. The victim has few tools at its disposal, as everything pretty much boils down to pay or lose everything.
Most importantly, LockBit appears to ride the wave and constantly improve its technical capabilities. This allows the actor to remain active and successful and carry out even more attacks, while remaining undetected and secure.