LockBit is a Ransomware-as-a-Service (RaaS) that was first discovered in September 2019, under the name of .ABCD virus. Since then, it has been updated with several new features.

What happened?

Recently, the attackers behind this ransomware launched a new data leak website and started using a double extortion tactic to scare victims into paying a ransom.

Top targets

According to McAfee, LockBit mostly targets organizations located in the U.S., the U.K, France, Ukraine, Germany, India, China, and Indonesia.
  • Last month, the ransomware gang was spotted actively targeting American medium-sized companies.
  • In June, LockBit had targeted the international architectural firm SmithGroup, whose data was posted on Maze group’s data leak website.
  • In May, hackers affiliated with the LockBit ransomware targeted a corporate network and encrypted approximately 25 servers and 225 workstations.

Attack characteristics

The ransomware group first gains unauthorized access to the targeted network and seeks weak account passwords lacking multi-factor authentication protection. Let's have a look into their attack techniques:

Collaboration with Maze ransomware group

In June, the Maze ransomware gang hosted the data stolen by the LockBit ransomware group on its data leak website. This suggests a collaboration between the two cybercrime groups.


LockBit will exploit any weakness in a network; therefore, researchers advise that organizations should fortify their network with adequate security defenses. In addition to this, it is advisable to always take a backup of important data and store the backups separately that cannot be accessed from a network, experts say.

Cyware Publisher