Search Again
LockBit
Description of SOCRadar: LockBit 3.0 is a Ransomware-as-a-Service (RaaS) group that continues the legacy of LockBit and LockBit 2.0. From January 2020, LockBit adopted an affiliate-based ransomware approach, where its affiliates use various tactics to target a wide range of businesses and critical infrastructure organizations. LockBit has been highly active in deploying models such as double extortion, initial access broker affiliates, and advertising on hacker forums. They have even been known to recruit insiders and make contests in forums for recruiting skilled hackers; such expansionist policies have attracted numerous affiliates, have victimized thousands of entities, and continue their malicious acts.
Bitwise Spider
LockBit Gang
Target Countries
Ecuador
Russian Federation
Worlwide
Panama
Colombia
+1
Target Sectors
Air Transportation
Public Administration
Energy & Utilities
National Security&International Affairs
Transportation&Warehousing
+3
Associated Malware/Software
conti
bianlian
mimikatz
Shamoon - S0140
ALF:Ransom:Win32/LockBit
+29
️Related CVEs
ATT&CK IDs:
T1069 - Permission Groups Discovery
T1046 - Network Service Scanning
T1070 - Indicator Removal on Host
T1572 - Protocol Tunneling
T1561.002 - Disk Structure Wipe
+119
| Tactic | Id | Technique | |||
|---|---|---|---|---|---|
| Collection | T1557 | Adversary-in-the-Middle |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1213 | Data from Information Repositories |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1530 | Data from Cloud Storage |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1119 | Automated Collection |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1005 | Data from Local System |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1560 | Archive Collected Data |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1123 | Audio Capture |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1056 | Input Capture |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1113 | Screen Capture |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1572 | Protocol Tunneling |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1090 | Proxy |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1102 | Web Service |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1071 | Application Layer Protocol |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1219 | Remote Access Software |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1105 | Ingress Tool Transfer |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1557 | Adversary-in-the-Middle |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1110 | Brute Force |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1552 | Unsecured Credentials |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1556 | Modify Authentication Process |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1003 | OS Credential Dumping |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1212 | Exploitation for Credential Access |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1040 | Network Sniffing |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1056 | Input Capture |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1480 | Execution Guardrails |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1036 | Masquerading |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1222 | File and Directory Permissions Modification |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1218 | System Binary Proxy Execution |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1112 | Modify Registry |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1070 | Indicator Removal |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1556 | Modify Authentication Process |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1140 | Deobfuscate/Decode Files or Information |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1027 | Obfuscated Files or Information |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1562 | Impair Defenses |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1550 | Use Alternate Authentication Material |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1553 | Subvert Trust Controls |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1014 | Rootkit |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1564 | Hide Artifacts |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1548 | Abuse Elevation Control Mechanism |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1574 | Hijack Execution Flow |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1134 | Access Token Manipulation |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1055 | Process Injection |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1012 | Query Registry |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1069 | Permission Groups Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1083 | File and Directory Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1082 | System Information Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1046 | Network Service Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1087 | Account Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1007 | System Service Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1049 | System Network Connections Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1135 | Network Share Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1057 | Process Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1016 | System Network Configuration Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1040 | Network Sniffing |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1018 | Remote System Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1033 | System Owner/User Discovery |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1204 | User Execution |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1072 | Software Deployment Tools |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1053 | Scheduled Task/Job |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1569 | System Services |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1106 | Native API |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1047 | Windows Management Instrumentation |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1059 | Command and Scripting Interpreter |
Sub Techniques |
Detections |
Mitigations |
| Exfiltration | T1030 | Data Transfer Size Limits |
Sub Techniques |
Detections |
Mitigations |
| Exfiltration | T1048 | Exfiltration Over Alternative Protocol |
Sub Techniques |
Detections |
Mitigations |
| Exfiltration | T1567 | Exfiltration Over Web Service |
Sub Techniques |
Detections |
Mitigations |
| Exfiltration | T1537 | Transfer Data to Cloud Account |
Sub Techniques |
Detections |
Mitigations |
| Exfiltration | T1029 | Scheduled Transfer |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1490 | Inhibit System Recovery |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1489 | Service Stop |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1498 | Network Denial of Service |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1491 | Defacement |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1485 | Data Destruction |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1561 | Disk Wipe |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1531 | Account Access Removal |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1486 | Data Encrypted for Impact |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1133 | External Remote Services |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1195 | Supply Chain Compromise |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1566 | Phishing |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1190 | Exploit Public-Facing Application |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1189 | Drive-by Compromise |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1072 | Software Deployment Tools |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1021 | Remote Services |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1550 | Use Alternate Authentication Material |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1210 | Exploitation of Remote Services |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1570 | Lateral Tool Transfer |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1133 | External Remote Services |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1060 | Registry Run Keys / Startup Folder |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1547 | Boot or Logon Autostart Execution |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1053 | Scheduled Task/Job |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1176 | Browser Extensions |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1556 | Modify Authentication Process |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1546 | Event Triggered Execution |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1098 | Account Manipulation |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1505 | Server Software Component |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1543 | Create or Modify System Process |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1574 | Hijack Execution Flow |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1136 | Create Account |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1547 | Boot or Logon Autostart Execution |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1053 | Scheduled Task/Job |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1068 | Exploitation for Privilege Escalation |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1546 | Event Triggered Execution |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1098 | Account Manipulation |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1543 | Create or Modify System Process |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1548 | Abuse Elevation Control Mechanism |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1574 | Hijack Execution Flow |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1134 | Access Token Manipulation |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1055 | Process Injection |
Sub Techniques |
Detections |
Mitigations |
| Reconnaissance | T1589 | Gather Victim Identity Information |
Sub Techniques |
Detections |
Mitigations |
| Reconnaissance | T1592 | Gather Victim Host Information |
Sub Techniques |
Detections |
Mitigations |
| Reconnaissance | T1595 | Active Scanning |
Sub Techniques |
Detections |
Mitigations |
| Reconnaissance | T1590 | Gather Victim Network Information |
Sub Techniques |
Detections |
Mitigations |
| Resource Development | T1588 | Obtain Capabilities |
Sub Techniques |
Detections |
Mitigations |
| Resource Development | T1587 | Develop Capabilities |
Sub Techniques |
Detections |
Mitigations |
| Resource Development | T1583 | Acquire Infrastructure |
Sub Techniques |
Detections |
Mitigations |
Total Count : 153
https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/https://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/
https://therecord.media/dc-city-agency-ransomware-attack-lockbit
https://therecord.media/ransomware-saint-anthony-hospital-chicago
https://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/
https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack
https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned
https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/
https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group
https://www.bleepingcomputer.com/news/security/kyocera-avx-says-ransomware-attack-impacted-39-000-individuals/
https://therecord.media/toronto-school-district-board-ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
https://therecord.media/dutch-football-association-paid-ransom-lockbit
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1c9dfb2e-ae8a-43f1-8b60-bcf36d669edf
https://www.bankinfosecurity.com/ransomware-talent-surges-to-akira-after-lockbits-demise-a-24583
https://www.databreaches.net/los-angeles-housing-authority-hit-by-lockbit-claim/
https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/
https://www.databreaches.net/lockbit-updates-leak-site-with-post-about-sud-francilien-hospital/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/
https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit
https://www.bankinfosecurity.com/lockbit-30-says-its-holding-canadian-city-for-ransom-a-20529
https://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-has-over-110-million-in-unspent-bitcoin/
https://www.bleepingcomputer.com/news/security/affirm-says-cardholders-impacted-by-evolve-bank-data-breach/
https://www.bleepingcomputer.com/news/security/infosys-mccamish-says-lockbit-stole-data-of-6-million-people/
https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/
https://asec.ahnlab.com/en/35822/
ttps://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-affiliate-arrested-charged-in-us/
https://securelist.com/crimeware-report-lockbit-switchsymb/110068/
https://www.justice.gov/opa/pr/man-charged-participation-lockbit-global-ransomware-campaign
https://www.infosecurity-magazine.com/news/lockbit-ramps-up-attacks-on-public/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/
https://www.bankinfosecurity.com/lockbit-leaks-15tb-data-stolen-from-indonesias-bsi-bank-a-22110
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
https://www.politico.eu/article/infamous-ransomware-group-claims-it-hacked-frances-justice-ministry/
https://redsense.com/publications/lockbit-story-a-three-year-investigative-journey/
https://www.bleepingcomputer.com/news/security/spain-warns-of-lockbit-locker-ransomware-phishing-attacks/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
https://therecord.media/netherlands-dutch-football-association-cyberattack-soccer
https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
https://therecord.media/lockbit-operator-to-face-new-charges-canada
https://therecord.media/ransomware-diaries-undercover-with-the-leader-of-lockbit/
https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
https://www.darkreading.com/cyberattacks-data-breaches/fawry-recovering-from-lockbit-ransomware-attack-
https://securityaffairs.co/wordpress/137243/cyber-crime/oomiya-lockbit-3-0-ransomware.html
https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/
https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html
https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
https://www.esentire.com/blog/russia-linked-lockbit-ransomware-gang-attacks-an-msp-and-two-manufacturers-using-the-targets-rmm-tools-to-infect-downstream-customers-and-employees-with-ransomware
https://www.cyberscoop.com/lockbit-ransomware-attack-bulgarian-refugee-agency/
https://securityaffairs.com/144342/cyber-crime/lockbit-south-korean-national-tax-service.html
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/
https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/
https://asec.ahnlab.com/en/60633/
https://therecord.media/lockbit-ransomware-takes-credit-for-south-african-pension-fund-attack
https://securityaffairs.co/wordpress/122892/cyber-crime/e-m-i-t-aviation-consulting-ransomware.html
https://therecord.media/california-union-lockbit-attack-ransomware
https://www.trellix.com/blogs/research/the-lockbits-attempt-to-stay-relevant-its-imposters-and-new-opportunistic-ransomware-groups/
https://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-fulton-county-georgia/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/
https://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/
https://therecord.media/pierce-transit-washington-ransomware-attack-lockbit
https://www.bleepingcomputer.com/news/security/pendragon-car-dealer-refuses-60-million-lockbit-ransomware-demand/
https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/
https://therecord.media/porto-portugal-water-utility-cyberattack-lockbit
https://securityintelligence.com/posts/lockbit-ransomware-attacks-surge-affiliate-recruitment/
https://www.trendmicro.com/en_us/research/24/d/operation-cronos-aftermath.html
https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/
https://www.bleepingcomputer.com/news/security/canadian-government-discloses-data-breach-after-contractor-hacks/
https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees
https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/
https://therecord.media/lockbit-administrator-engaging-with-police
https://therecord.media/french-telecom-company-la-poste-mobile-struggling-to-recover-from-ransomware-attack/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/
https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/
https://news.sophos.com/en-us/2022/08/10/lockbit-hive-and-blackcat-attack-automotive-supplier-in-triple-ransomware-attack/
https://www.theregister.com/2023/10/06/cdw_lockbit_negotiations/
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
https://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/
https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/
https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html
https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf
https://therecord.media/california-college-rio-hondo-cyberattack
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-leaks-gigabytes-of-boeing-data/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/
https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/
https://therecord.media/aldo-franchise-partner-lockbit-ransomware-posting
https://therecord.media/lockbit-ransomware-gang-seized-site-reappears-teasing-new-information
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-claims-royal-mail-cyberattack/
https://therecord.media/ykk-zipper-manufacturer-cyberattack-us-operations
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/
https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-essendant-attack-company-says-network-outage-/
https://therecord.media/foxsemicon-ransomware-attack-taiwan
https://securityaffairs.com/156090/cyber-crime/westpole-ransomware-attack.html
https://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on
https://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/
https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-affiliate-gets-four-years-in-jail-to-pay-860k/
https://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit
https://www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-encryptors-found-targeting-mac-devices/
https://medium.com/@lcam/lighting-the-exfiltration-infrastructure-of-a-lockbit-affiliate-and-more-f57fbb7a4e79
https://therecord.media/lockbit-cyberattack-shuts-down-networks-in-seville-spain
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation
https://www.darkreading.com/cyberattacks-data-breaches/subway-lockbit-investigation-on-menu
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/
https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/
https://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html
https://therecord.media/upstate-new-york-hospitals-ransomware-attack
https://blog.talosintelligence.com/ransomware-affiliate-model/
https://www.bankinfosecurity.com/lockbit-30-leaks-600-gbs-data-stolen-from-indian-lender-a-22010
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-now-also-claims-city-of-oakland-breach/
https://therecord.media/virginia-school-district-open-lockbit
https://securityaffairs.com/150247/cyber-crime/lockbit-ransomware-csem.html
https://www.cyber.nj.gov/Home/Components/News/News/1312/214?fsiteid=2&loadingmode=PreviewContent
https://therecord.media/top-aces-ransomware-attack-lockbit/
https://therecord.media/florida-sheriff-data-leak-lockbit-ransomware
https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html
https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/
https://therecord.media/siemens-healthineers-alleged-ransomware-incident-lockbit
https://www.bleepingcomputer.com/news/security/capital-health-attack-claimed-by-lockbit-ransomware-risk-of-data-leak/
https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/
https://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/
https://therecord.media/russian-cybercriminals-target-uk-school
https://therecord.media/wisconsin-county-dealing-with-software-failure
https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-lockbit-ransomware/
https://www.bleepingcomputer.com/news/security/bridgestone-americas-confirms-ransomware-attack-lockbit-leaks-data/
https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-italian-tax-agency/
https://www.databreaches.net/breaking-lockbit-3-0-gives-sick-kids-free-decryptor-claims-to-ban-partner-who-attacked-them/
https://www.resecurity.com/blog/article/lockbit-30s-bungled-comeback-highlights-the-undying-risk-of-torrent-based-data-leakage
https://www.bleepingcomputer.com/news/security/lockbit-says-they-stole-data-in-london-drugs-ransomware-attack/
https://therecord.media/rio-de-janeiro-finance-department-hit-with-lockbit-ransomware/
https://www.bleepingcomputer.com/news/security/microsoft-clop-and-lockbit-ransomware-behind-papercut-server-hacks/
https://securityaffairs.com/165162/cyber-crime/lockbit-ransomware-fairfield-memorial-hospital.html
https://www.cyber.gov.au/acsc/view-all-content/alerts/lockbit-20-ransomware-incidents-australia
https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee?gi=af98d89a956a
https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/
https://securelist.com/lockbit-ransomware-builder-analysis/110370/
https://www.europol.europa.eu/media-press/newsroom/news/lockbit-power-cut-four-new-arrests-and-financial-sanctions-against-affiliates
https://www.theregister.com/2024/01/03/estes_ransomware/
https://therecord.media/icbc-dealing-with-ransomware-attack
https://analyst1.com/blog-negotiating-with-lockbit-uncovering-the-evolution-of-operations-and-newly-established-rules/
https://therecord.media/montreal-electricity-organization-lockbit-victim
Copyright © 2023 SOCRadar Cyber Intelligence Inc.
All rights
reserved.
