3 Extortion Gangs Join Forces in Ransomware 'Cartel'
LockBit, Qilin, and DragonForce also invited other attackers to join their collaboration to share attack information and resources.
LockBit is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and guidance to defend systems and data.
Search across headline titles and summaries.
Background for this topic.
LockBit is a ransomware family and associated cybercrime operation—not an unrelated product or project—that has been reported in attacks where malware encrypts files on compromised systems and disrupts access. Coverage under this tag includes technical analysis of LockBit variants, reported incidents, infrastructure or law-enforcement disruption, and claims about stolen data or extortion; individual reports may differ in what is verified.
For defenders, the material risks are rapid encryption across reachable systems and possible exposure of data taken before encryption. Priorities include promptly addressing internet-facing vulnerabilities and exposed credentials, restricting lateral movement with segmentation and least privilege, and maintaining tested offline or otherwise isolated backups. Monitor for suspicious administrative activity and mass file changes, preserve logs and affected systems for investigation, and use threat intelligence on LockBit indicators to support containment. A suspected incident requires coordinated isolation, recovery, and assessment of privacy or regulatory obligations rather than assuming that paying restores systems or prevents disclosure.
Weekly headline count for the current query.
LockBit, Qilin, and DragonForce also invited other attackers to join their collaboration to share attack information and resources.
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.
Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.
Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.
The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.
Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.
Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.
A global operation cuffed four LockBit suspects and offered more details into the org chart of Russia's infamous Evil Corp cybercrime gang.
Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information.
The ransomware group claimed it had breached the Federal Reserve, but the target now appears to have been an Arkansas-based bank, Evolve.
Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement.
The city is still investigating the attack, and neither the group nor city officials have offered details about the ransomware demands.
Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
Kaspersky researchers discovered the new variant after responding to a critical incident targeting an organization in West Africa.
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.
The truly satisfying law enforcement takedown of the ransomware giant shows the value of collaborating — and fighting back.
Law enforcement action hasn't eradicated ransomware groups, but it has shaken up the cyber underground and sown distrust among thieves.
LockBit ransomware gang claims 668GB of data it dumped online was stolen from South Africa's pension agency.