New LockBit Ransomware Victims Identified by Security Researchers
Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version
LockBit is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and guidance to defend systems and data.
Search across headline titles and summaries.
Background for this topic.
LockBit is a ransomware family and associated cybercrime operation—not an unrelated product or project—that has been reported in attacks where malware encrypts files on compromised systems and disrupts access. Coverage under this tag includes technical analysis of LockBit variants, reported incidents, infrastructure or law-enforcement disruption, and claims about stolen data or extortion; individual reports may differ in what is verified.
For defenders, the material risks are rapid encryption across reachable systems and possible exposure of data taken before encryption. Priorities include promptly addressing internet-facing vulnerabilities and exposed credentials, restricting lateral movement with segmentation and least privilege, and maintaining tested offline or otherwise isolated backups. Monitor for suspicious administrative activity and mass file changes, preserve logs and affected systems for investigation, and use threat intelligence on LockBit indicators to support containment. A suspected incident requires coordinated isolation, recovery, and assessment of privacy or regulatory obligations rather than assuming that paying restores systems or prevents disclosure.
Weekly headline count for the current query.
Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version
Trend Micro highlighted the new LockBit version’s improved technical improvements and cross-platform functionality compared to previous iterations
The data dump will likely shed light on LockBit’s recent activity and help law enforcement trace cryptocurrency transactions
A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason
US authorities have extradited Rostislav Panev on charges of being a developer of the notorious LockBit ransomware
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025
Mikhail Matveev, aka WazaWaka, had worked with several ransomware groups, including Babuk, Conti, Darkside, Hive and LockBit
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Symantec data reveals RansomHub claimed more attacks than any other group in Q3 2024
The UK has sanctioned 16 members of the notorious Russian hacking group Evil Corp, exposing their links to the prolific LockBit ransomware group
Two Russian nationals have pleaded guilty to charges relating to their participation in the LockBit ransomware gang
The LockBit ransomware group returned the fold to launch 176 attacks in May 2024 following a law enforcement takedown, NCC Group found
Ukrainian police appear to have arrested a cryptor specialist with links to major ransomware groups
Russian national Dmitry Yuryevich Khoroshev is behind the LockBitSupp persona, law enforcement revealed
The data from ReliaQuest also suggests LockBit faced a significant setback due to law enforcement action
Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder
Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords
A Trend Micro report shows a clear drop in the number of actual infections associated with the LockBit ransomware following Operation Cronos
Law enforcement agencies involved in Operation Cronos have announced they have been in contact with the LockBit kingpin aka LockbitSupp
What businesses should know about Operation Cronos and LockBit, one of the largest ransomware takedowns in history