Stay updated on LockBit threats with the latest news and insights in information security. Protect your data from this notorious ransomware group.
Search across headline titles and summaries.
Background for this topic.
LockBit is a ransomware-as-a-service (RaaS) operation that has marked its presence in the realm of cyber threats by enabling affiliates to deploy the LockBit ransomware onto the networks of targeted organizations. This model involves a network of cybercriminals who share the profits generated from the ransom payments with the developers of the ransomware.
In the context of information security, LockBit poses significant threats to businesses and organizations of all sizes. Once within a network, LockBit encrypts files, making them inaccessible to users and demands a ransom in exchange for the decryption key. It is known for its fast encryption capabilities and for threatening to leak stolen data if the ransom is not paid, a tactic known as double extortion. Being vigilant against LockBit requires robust cybersecurity measures, including employee awareness training, regular data backups, and updated security protocols to avoid breaches that could lead to a LockBit infection.
Weekly headline count for the current query.
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update
Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees.
Gavin Webb orchestrated Operation Cronos as it pulled off the legendary disruption sting A senior British crimefighter has been awarded one of the country's highest tributes for public service for his role in the 2024 LockBit ransomware takedown.…
Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media CoverageBad news for any organization that's ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid a ransom were more likely to see the attack get detailed in the media.
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. [...]
‘Bulletproof’ hosts partly dodged the last attack of this sort US, UK, Australia sanction Lockbit gang’s hosting provider ‘Bulletproof’ hosts partly dodged the last attack of this sort Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play.…
Treasury Links Russian Bulletproof Host Network to Prolific Ransomware OperationsThe U.S., U.K. and Australia sanctioned Russian bulletproof host Media Land for supporting major ransomware gangs, including LockBit and Play, a move paired with new global guidance urging internet service providers to tighten access controls and disrupt cybercrime infrastructure.
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior
Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. [...]
LockBit, Qilin, and DragonForce also invited other attackers to join their collaboration to share attack information and resources.
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway
Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. …
Trend Micro highlighted the new LockBit version’s improved technical improvements and cross-platform functionality compared to previous iterations
Trend™ Research analyzed source binaries from the latest activity from notorious LockBit ransomware with their 5.0 version that exhibits advanced obfuscation, anti-analysis techniques, and seamless cross-platform capabilities for Windows, Linux, and ESXi systems.
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.