One of the most popular and sophisticated threats, LockBit (a RaaS group), has maintained its position of being a leader in ransomware threats. Each of its variants, namely LockBit 1.0, LockBit 2.0, and LockBit 3.0, has caused grave damage and impact during its malicious campaigns, and it continues to do so.

LockBit’s activities shooting up

  • DarkFeed researchers revealed that LockBit affiliates amassed 103 victims out of a total of 230 in September alone.
  • According to a report by Digital Shadows, in Q2 2022, LockBit was the most active group in the cybercrime underworld, holding a record for the highest number of victims (231) in a quarter.
  • Overall, LockBit has hit 1,157 victims on record (throughout its lifetime), which is way ahead of Conti (900), Hive (192), and BlackCat (177) ransomware groups.

Recent incidents

  • Most recently, British Insurance company Kingfisher Insurance’s name appeared on LockBit’s leak site. It claimed to have stolen 1.4 TB of data, including the personal details of employees and customers.
  • One of the affiliates for the LockBit 3.0 ransomware stole data from Japanese tech company Oomiya and threatened to leak that data, if the company failed to pay the demanded ransom.
  • Earlier to this, an undisclosed zero-day bug was being abused in Microsoft Exchange servers to deploy LockBit ransomware.


LockBit RaaS has emerged as a prolific threat with time. Experts believe that this threat group will continue to target enterprises around the globe improved capabilities. Therefore, it is suggested to use proactive approaches to security, such as real-time sharing of threat intel for prior detection and gain first-hand insights on such threats.
Cyware Publisher