Lockbit Targets 5 in US, UK, and Austria
Five victims have been confirmed in a recent Lockbit operation that spread across three states. All five belong to the private sector and neither have commented the recent breaches.
- Among the victims there is Misbourne, a secondary school in Great Missenden, Buckingamshire
- The attackers claimed they’ve secured important data, including bank excerpts, client details, student data, etc.
- There is no word on the ransoms being required but, knowing Lockbit, they vary depending on the victim’s financial capabilities
- Lockbit is known as a rough negotiator that rarely lowers the value of the initial ransom
Lockbit has been almost uncharacteristically active over the past several months, as reported by main investigative entities. According to the latest data, Lockbit performs several successful hits per week, sometimes more than 10.
This attack frequency keeps bringing Lockbit into the spotlight, causing investigation agencies to crack down on it constantly. Despite the relentless pressure, Lockbit hasn’t caved in so far thanks to a combination of financial power and external support.
The recent bulk of ransomware attacks falls in line with Lockbit’s main MO. The group often attacks multiple targets at once, preferably belonging to different states and even continents.
This spreads the attention and resources of law enforcement agencies, allowing Lockbit to cover its tracks more effectively. This strategy explains why Lockbit has been so difficult to investigate over the five years since it’s been active.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Lockbit’s Cybercriminal Profile and Its Trend
Lockbit started off slowly, but gained strength quite rapidly after its inception. The organization first became visible in the public space at the end of 2019. Three years later, in 2022, it was already deemed the most prolific ransomware ring in the world.
The organization racked up over 1,700 victims and more than $91 million between 2020 and 2023. Despite this unparalleled level of activity and impressive illicit gains, law enforcement agencies are still no closer to disclosing the group’s identity and structure.
Some evidence hints at Russian connections, since Lockbit’s name appeared on a Russian-speaking cybercrime forum several months after the group became public, in 2020. But nothing has been confirmed so far.
The most intimidating aspect about Lockbit is its obvious financial power, as the group enjoys great resources and support. This has allowed the group to improve its systems and tactics regularly, so that it’s constantly one step ahead of investigative agencies.
The ransomware actor underwent several upgrades over the years, first in 2021, along with the release of Lockbit 2.0. This version also came with a new malware tool called Stealbit, which automated the data exfiltration process.
Soon after, in 2022, Lockbit 3.0 came out with Lockbit paying security professionals to scan it for any potential weaknesses. They offered up to $1 million to anyone who would highlight critical system weaknesses, allowing Lockbit operators to fix them.
These constant upgrades have allowed Lockbit to take the lead in an industry as demanding as it is volatile. And explain why Lockbit has lasted so long in the game and why the group doesn’t show its age.