LockBit Ransomware Group Attacks the Hanwha Group and Steals 800GB of Data

Alex Popa

By Alex Popa . 12 September 2023

Cybersecurity Journalist

On 8th of September, the LockBit ransomware group announced on Dark Web that they’ve added the Hanwha Group to their victim list. They also stole 800GB worth of data from the organization.


  • LockBit is one of the most prolific ransomware groups in 2023, targeting various industries indiscriminately
  • The Hanwha Group is an important business conglomerate in South Korea, operating on three fronts: machinery, defense, and explosives and chemical
  • The LockBit group has stolen 800GB of data from Hanwha and threatens that it will publish the data unless the ransom is paid
  • It is not currently known what the ransom is, whether Hanwha has responded to the threats, and whether the situation is still ongoing

Being a Fortune 500 company and the 7th largest business enterprise in South Korea, the Hanwha Group made an attractive target for the hacking group.

Lockbit hackers


Since the Hanwha Group hasn’t responded publicly yet, we don’t know if the details about the attack are real or not. For now, they remain allegations made by LockBit.

LockBit History

LockBit was the most notorious and “popular” ransomware in the world back in 2022. It still remains a top-threat in 2023.

According to America’s Cyber Defense Agency:

  • From April 2022 to March 2023, LockBit was responsible for 18% of all Australian-related ransomware incidents

  • In 2022, LockBit was responsible for all Canada-related ransomware incidents

  • In 2022, there were 15 reports of LockBit ransomware attacks in New Zealand, accounting for 23% of all the ransomware reports in the country for that year

  • In 2022, 16% of the state, local, tribal, and tribunal government ransomware incidents belonged to LockBit

  • Since 2020, there were around 1,700 LockBit ransomware attacks in the US

  • Since 2020, around $91 million was paid to LockBit during ransomware attacks in the US

  • The first LockBit activity was noticed on January 5th, 2020, in the US, which is the earliest observation of the group

The LockBit Ransomware group (RaaS) has been very prolific throughout the years, attracting many affiliates (individuals with access to the LockBit program).

They generally promise ransom payments to the affiliates first, disparage other ransomware groups online, and engage in publicity stunts.

The LockBit ransomware program is also one of the simpler ones available on the black market, from an accessibility standpoint. This way, even those with a low technical level can use it effectively.

In short, the LockBit Ransomware group is one of the best-organized hacker groups in the world. They’re hiding their identities well, attract a lot of affiliates, and they’re very skillful.

We should expect the Hanwha Group attack to become a precursor for other high-stake attacks in the near future.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment