| Names | LockBit Gang (?)
Bitwise Spider (CrowdStrike) |
| Country | [Unknown] |
| Motivation | Financial gain |
| First seen | 2019 |
| Description | (Bleeping Computer) LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.
Joining the ransomware-as-a-service (RaaS) business in September 2019, LockBit is atypical in that it’s driven by automated processes for quick spreading across the victim network, identifying valuable systems and locking them up.
LockBit attacks leave few traces for forensic analysis as the malware loads into the system memory, with logs and supporting files removed upon execution. |
| Observed | Sectors: Aviation, Defense, Energy, Financial, Healthcare, Transportation.
Countries: Worlwide. |
| Tools used | 3AM, CrackMapExec, EmpireProject, LockBit, Mimikatz, PsExec. |
| Operations performed | May 2020 | LockBit ransomware self-spreads to quickly encrypt 225 systems
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/> |
| Aug 2020 | Interpol: Lockbit ransomware attacks affecting American SMBs
<https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/> |
| Sep 2020 | LockBit ransomware launches data leak site to double-extort victims
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/> |
| Dec 2020 | Ransomware hits helicopter maker Kopter
<https://www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter/> |
| Apr 2021 | UK rail network Merseyrail likely hit by Lockbit ransomware
<https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/> |
| Jun 2021 | LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
<https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html> |
| Aug 2021 | Energy group ERG reports minor disruptions after ransomware attack
<https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/> |
| Aug 2021 | LockBit ransomware recruiting insiders to breach corporate networks
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/> |
| Aug 2021 | LockBit 2.0 ransomware incidents in Australia
<https://www.cyber.gov.au/acsc/view-all-content/alerts/lockbit-20-ransomware-incidents-australia> |
| Aug 2021 | Accenture confirms hack after LockBit ransomware data leak threats
<https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/> |
| Aug 2021 | LockBit Ransomware Wants to Hire Your Employees
<https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees> |
| Aug 2021 | Bangkok Air confirms passenger PII leak after ransomware attack
<https://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/> |
| Sep 2021 | LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
<https://securityintelligence.com/posts/lockbit-ransomware-attacks-surge-affiliate-recruitment/> |
| Oct 2021 | LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting
<https://securityaffairs.co/wordpress/122892/cyber-crime/e-m-i-t-aviation-consulting-ransomware.html> |
| Nov 2021 | BlackMatter ransomware moves victims to LockBit after shutdown
<https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/> |
| Jan 2022 | Infamous ransomware group claims it hacked France’s Justice Ministry
<https://www.politico.eu/article/infamous-ransomware-group-claims-it-hacked-frances-justice-ministry/> |
| Jan 2022 | LockBit ransomware gang claims PayBito crypto exchange as new victim
<https://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/> |
| Feb 2022 | Bridgestone Americas confirms ransomware attack, LockBit leaks data
<https://www.bleepingcomputer.com/news/security/bridgestone-americas-confirms-ransomware-attack-lockbit-leaks-data/> |
| Feb 2022 | Russia-Linked LockBit Gang Attacks an MSP and Two Manufacturers Using the Targets' RMM Tools to Infect Downstream Customers and Employees with Ransomware
<https://www.esentire.com/blog/russia-linked-lockbit-ransomware-gang-attacks-an-msp-and-two-manufacturers-using-the-targets-rmm-tools-to-infect-downstream-customers-and-employees-with-ransomware> |
| Mar 2022 | Rail giant Wabtec discloses data breach after Lockbit ransomware attack
<https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/> |
| Apr 2022 | Rio de Janeiro finance department hit with LockBit ransomware
<https://therecord.media/rio-de-janeiro-finance-department-hit-with-lockbit-ransomware/> |
| Apr 2022 | Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
<https://news.sophos.com/en-us/2022/08/10/lockbit-hive-and-blackcat-attack-automotive-supplier-in-triple-ransomware-attack/> |
| May 2022 | LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers.
<https://www.cyberscoop.com/lockbit-ransomware-attack-bulgarian-refugee-agency/> |
| May 2022 | Canadian fighter jet training company investigating ransomware attack
<https://therecord.media/top-aces-ransomware-attack-lockbit/> |
| May 2022 | Foxconn confirms ransomware attack disrupted production in Mexico
<https://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/> |
| Jun 2022 | Mandiant: “No evidence” we were hacked by LockBit ransomware
<https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/> |
| Jun 2022 | LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
<https://asec.ahnlab.com/en/35822/> |
| Jun 2022 | LockBit claims ransomware attack on security giant Entrust, leaks data
<https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/> |
| Jun 2022 | LockBit 3.0 introduces the first ransomware bug bounty program
<https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/> |
| Jul 2022 | French telecom company La Poste Mobile struggling to recover from ransomware attack
<https://therecord.media/french-telecom-company-la-poste-mobile-struggling-to-recover-from-ransomware-attack/> |
| Jul 2022 | Ransomware gang now lets you search their stolen data
<https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/> |
| Jul 2022 | LockBit claims ransomware attack on Italian tax agency
<https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-italian-tax-agency/> |
| Jul 2022 | The prolific Lockbit ransomware gang appears to have claimed another two scalps in recent days: the Canadian town of St Marys and the Italian tax agency.
<https://www.infosecurity-magazine.com/news/lockbit-ramps-up-attacks-on-public/> |
| Aug 2022 | LockBit ransomware gang gets aggressive with triple-extortion tactic
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/> |
| Sep 2022 | LockBit updates leak site with post about Sud-Francilien hospital
<https://www.databreaches.net/lockbit-updates-leak-site-with-post-about-sud-francilien-hospital/> |
| Sep 2022 | Virginia County Confirms Personal Information Stolen in Ransomware Attack
<https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack> |
| Oct 2022 | Microsoft Exchange servers hacked to deploy LockBit ransomware
<https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-lockbit-ransomware/> |
| Oct 2022 | Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted
<https://securityaffairs.co/wordpress/137243/cyber-crime/oomiya-lockbit-3-0-ransomware.html> |
| Oct 2022 | Pendragon car dealer refuses $60 million LockBit ransomware demand
<https://www.bleepingcomputer.com/news/security/pendragon-car-dealer-refuses-60-million-lockbit-ransomware-demand/> |
| Nov 2022 | LockBit ransomware claims attack on Continental automotive giant
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/> |
| Nov 2022 | LockBit 3.0 gang claims to have stolen data from Kearney & Company
<https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html> |
| Nov 2022 | LockBit 3.0 Says It's Holding a Canadian City for Ransom
<https://www.bankinfosecurity.com/lockbit-30-says-its-holding-canadian-city-for-ransom-a-20529> |
| Nov 2022 | LockBit takes credit for November ransomware attack on Sacramento PBS station
<https://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/> |
| Dec 2022 | LockBit claims attack on California's Department of Finance
<https://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/> |
| Dec 2022 | LockBit ransomware used in attack on Ohio town’s court, police department and more
<https://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/> |
| Dec 2022 | Port of Lisbon website still down as LockBit gang claims cyberattack
<https://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/> |
| Dec 2022 | LockBit 3.0 gives Sick Kids free decryptor, claims to ban partner who attacked them
<https://www.databreaches.net/breaking-lockbit-3-0-gives-sick-kids-free-decryptor-claims-to-ban-partner-who-attacked-them/> |
| Dec 2022 | Los Angeles’ Housing Authority hit by LockBit
<https://www.databreaches.net/los-angeles-housing-authority-hit-by-lockbit-claim/> |
| Jan 2023 | LockBit ransomware gang claims Royal Mail cyberattack
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-claims-royal-mail-cyberattack/> |
| Jan 2023 | LockBit ransomware goes 'Green,' uses new Conti-based encryptor
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/> |
| Feb 2023 | LockBit gang takes credit for attack on water utility in Portugal
<https://therecord.media/porto-portugal-water-utility-cyberattack-lockbit> |
| Feb 2023 | Washington state public bus system confirms ransomware attack
<https://therecord.media/pierce-transit-washington-ransomware-attack-lockbit> |
| Feb 2023 | LockBit ransomware gang now also claims City of Oakland breach
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-now-also-claims-city-of-oakland-breach/> |
| Feb 2023 | LockBit Green and phishing that targets organizations
<https://securelist.com/crimeware-report-lockbit-switchsymb/110068/> |
| Mar 2023 | LockBit brags: We'll leak thousands of SpaceX blueprints stolen from supplier
<https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/> |
| Mar 2023 | LockBit ransomware claims Essendant attack, company says “network outage”
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-essendant-attack-company-says-network-outage-/> |
| Mar 2023 | Data stolen from Florida sheriff’s office leaked by LockBit ransomware group
<https://therecord.media/florida-sheriff-data-leak-lockbit-ransomware> |
| Mar 2023 | LockBit leaks data stolen from the South Korean National Tax Service
<https://securityaffairs.com/144342/cyber-crime/lockbit-south-korean-national-tax-service.html> |
| Apr 2023 | Darktrace: Investigation found no evidence of LockBit breach
<https://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/> |
| Apr 2023 | LockBit ransomware encryptors found targeting Mac devices
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-encryptors-found-targeting-mac-devices/> |
| Apr 2023 | Microsoft: Clop and LockBit ransomware behind PaperCut server hacks
<https://www.bleepingcomputer.com/news/security/microsoft-clop-and-lockbit-ransomware-behind-papercut-server-hacks/> |
| Apr 2023 | LockBit 3.0 Leaks 600 GBs of Data Stolen From Indian Lender
<https://www.bankinfosecurity.com/lockbit-30-leaks-600-gbs-data-stolen-from-indian-lender-a-22010> |
| Apr 2023 | Royal Dutch Football Association says hackers stole employee data
<https://therecord.media/netherlands-dutch-football-association-cyberattack-soccer>
<https://therecord.media/dutch-football-association-paid-ransom-lockbit> |
| May 2023 | LockBit Leaks 1.5TB of Data Stolen From Indonesia's BSI Bank
<https://www.bankinfosecurity.com/lockbit-leaks-15tb-data-stolen-from-indonesias-bsi-bank-a-22110> |
| May 2023 | Kyocera AVX says ransomware attack impacted 39,000 individuals
<https://www.bleepingcomputer.com/news/security/kyocera-avx-says-ransomware-attack-impacted-39-000-individuals/> |
| Jun 2023 | Zipper giant YKK confirms cyberattack targeted U.S. networks
<https://therecord.media/ykk-zipper-manufacturer-cyberattack-us-operations> |
| Jun 2023 | TSMC denies LockBit hack as ransomware gang demands $70 million
<https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/> |
| Jul 2023 | Wisconsin county dealing with ‘catastrophic software failure’; California city declares ransomware emergency
<https://therecord.media/wisconsin-county-dealing-with-software-failure> |
| Jul 2023 | Russia-linked cybercriminals target school for children with learning difficulties
<https://therecord.media/russian-cybercriminals-target-uk-school> |
| Aug 2023 | The LockBit ransomware group threatens to leak medical data of cancer patients stolen from Varian Medical Systems
<https://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html> |
| Aug 2023 | Sensitive Data about UK Military Sites Potentially Leaked by LockBit
<https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/> |
| Aug 2023 | California city investigating data theft after ransomware group’s claims
<https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit> |
| Aug 2023 | Siemens Healthineers responds to alleged data theft by LockBit ransomware gang
<https://therecord.media/siemens-healthineers-alleged-ransomware-incident-lockbit> |
| Aug 2023 | Spain warns of LockBit Locker ransomware phishing attacks
<https://www.bleepingcomputer.com/news/security/spain-warns-of-lockbit-locker-ransomware-phishing-attacks/> |
| Aug 2023 | Montreal electricity organization latest victim in LockBit ransomware spree
<https://therecord.media/montreal-electricity-organization-lockbit-victim> |
| Aug 2023 | The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM)
<https://securityaffairs.com/150247/cyber-crime/lockbit-ransomware-csem.html> |
| Aug 2023 | Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
<https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/> |
| Sep 2023 | CDW data to be leaked next week after negotiations with LockBit break down
<https://www.theregister.com/2023/10/06/cdw_lockbit_negotiations/> |
| Sep 2023 | Alleged LockBit attack shuts down city networks in Seville
<https://therecord.media/lockbit-cyberattack-shuts-down-networks-in-seville-spain> |
| Sep 2023 | Virginia school district open despite LockBit ransomware attack
<https://therecord.media/virginia-school-district-open-lockbit> |
| Sep 2023 | 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit> |
| Sep 2023 | Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
<https://therecord.media/upstate-new-york-hospitals-ransomware-attack> |
| Oct 2023 | Freight giant Estes refuses to deliver ransom, says personal data opened and stolen
<https://www.theregister.com/2024/01/03/estes_ransomware/> |
| Oct 2023 | Boeing confirms cyberattack amid LockBit ransomware claims
<https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/>
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-leaks-gigabytes-of-boeing-data/> |
| Oct 2023 | California community college Río Hondo dealing with cybersecurity incident
<https://therecord.media/california-college-rio-hondo-cyberattack> |
| Nov 2023 | Industrial and Commercial Bank of China dealing with LockBit ransomware attack
<https://therecord.media/icbc-dealing-with-ransomware-attack> |
| Nov 2023 | Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack
<https://www.darkreading.com/cyberattacks-data-breaches/fawry-recovering-from-lockbit-ransomware-attack-> |
| Nov 2023 | LockBit ransomware group assemble strike team to breach banks, law firms and governments
<https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee?gi=af98d89a956a> |
| Nov 2023 | Canadian government discloses data breach after contractor hacks
<https://www.bleepingcomputer.com/news/security/canadian-government-discloses-data-breach-after-contractor-hacks/> |
| Nov 2023 | Capital Health attack claimed by LockBit ransomware, risk of data leak
<https://www.bleepingcomputer.com/news/security/capital-health-attack-claimed-by-lockbit-ransomware-risk-of-data-leak/> |
| Nov 2023 | Infosys McCamish says LockBit stole data of 6 million people
<https://www.bleepingcomputer.com/news/security/infosys-mccamish-says-lockbit-stole-data-of-6-million-people/> |
| Dec 2023 | Shoe retailer Aldo says LockBit posting is related to system at franchise partner
<https://therecord.media/aldo-franchise-partner-lockbit-ransomware-posting> |
| Dec 2023 | LockBit ransomware now poaching BlackCat, NoEscape affiliates
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/> |
| Dec 2023 | The ransomware attack on Westpole is disrupting digital services for Italian public administration
<https://securityaffairs.com/156090/cyber-crime/westpole-ransomware-attack.html> |
| Dec 2023 | LockBit ransomware gang claims to have breached accountancy firm Xeinadin
<https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html> |
| Dec 2023 | Lockbit ransomware disrupts emergency care at German hospitals
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/> |
| Dec 2023 | December cyberattack on Chicago community hospital claimed by LockBit gang
<https://therecord.media/ransomware-saint-anthony-hospital-chicago> |
| Jan 2024 | Taiwanese semiconductor company hit by ransomware attack
<https://therecord.media/foxsemicon-ransomware-attack-taiwan> |
| Jan 2024 | LockBit Ransomware Distributed via Word Files Disguised as Resumes
<https://asec.ahnlab.com/en/60633/> |
| Jan 2024 | Subway Puts a LockBit Investigation on the Menu
<https://www.darkreading.com/cyberattacks-data-breaches/subway-lockbit-investigation-on-menu> |
| Jan 2024 | California union confirms ransomware attack following LockBit claims
<https://therecord.media/california-union-lockbit-attack-ransomware> |
| Jan 2024 | LockBit Attempts to Stay Afloat With a New Version
<https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html> |
| Feb 2024 | LockBit claims ransomware attack on Fulton County, Georgia
<https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-fulton-county-georgia/>
<https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/> |
| Feb 2024 | Jacksonville Beach and other US municipalities report data breaches following cyberattacks
<https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks> |
| Feb 2024 | LockBit takes credit for February shutdown of South African pension fund
<https://therecord.media/lockbit-ransomware-takes-credit-for-south-african-pension-fund-attack> |
| Feb 2024 | LockBit ransomware returns, restores servers after police disruption
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/>
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/> |
| Mar 2024 | Ransomware Talent Surges to Akira After LockBit's Demise
<https://www.bankinfosecurity.com/ransomware-talent-surges-to-akira-after-lockbits-demise-a-24583> |
| Mar 2024 | Pharmaceutical development company investigating cyberattack after LockBit posting
<https://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit> |
| Apr 2024 | DC city agency says LockBit claims tied to third-party attack
<https://therecord.media/dc-city-agency-ransomware-attack-lockbit> |
| Apr 2024 | French hospital CHC-SV refuses to pay LockBit extortion demand
<https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/> |
| Apr 2024 | LockBit says they stole data in London Drugs ransomware attack
<https://www.bleepingcomputer.com/news/security/lockbit-says-they-stole-data-in-london-drugs-ransomware-attack/> |
| May 2024 | City of Wichita breach claimed by LockBit ransomware gang
<https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/> |
| May 2024 | New LockBit Black Campaign Observed
<https://www.cyber.nj.gov/Home/Components/News/News/1312/214?fsiteid=2&loadingmode=PreviewContent> |
| Jun 2024 | LockBit lied: Stolen data is from a bank, not US Federal Reserve
<https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/>
<https://www.bleepingcomputer.com/news/security/affirm-says-cardholders-impacted-by-evolve-bank-data-breach/> |
| Jun 2024 | Toronto school board confirms students’ info stolen as LockBit claims breach
<https://therecord.media/toronto-school-district-board-ransomware> |
| Jul 2024 | LockBit group claims the hack of the Fairfield Memorial Hospital in the US
<https://securityaffairs.com/165162/cyber-crime/lockbit-ransomware-fairfield-memorial-hospital.html> |
| Dec 2024 | Siberia's largest dairy plant reportedly disrupted with LockBit variant
<https://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant> |
| Feb 2025 | LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
<https://securityaffairs.com/174639/cyber-crime/lockbit-taunts-fbi-director-kash-patel.html> |
| Apr 2025 | Physicians’ billing and revenue management firm hit by LockBit
<https://databreaches.net/2025/04/10/physicians-billing-and-revenue-management-firm-hit-by-lockbit/> |
| Counter operations | Aug 2022 | LockBit ransomware blames Entrust for DDoS attacks on leak sites
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/> |
| Sep 2022 | LockBit ransomware builder leaked online by “angry developer”
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/> |
| Nov 2022 | Man Charged for Participation in LockBit Global Ransomware Campaign
<https://www.justice.gov/opa/pr/man-charged-participation-lockbit-global-ransomware-campaign> |
| Jun 2023 | Suspected LockBit ransomware affiliate arrested, charged in US
<https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-affiliate-arrested-charged-in-us/> |
| Aug 2023 | Lockbit leak, research opportunities on tools leaked from TAs
<https://securelist.com/lockbit-ransomware-builder-analysis/110370/> |
| Dec 2023 | Alleged LockBit operator to face new cybercrime charges in Canada
<https://therecord.media/lockbit-operator-to-face-new-charges-canada> |
| Feb 2024 | Operation “Cronos”
Law enforcement disrupt world’s biggest ransomware operation
<https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation>
<https://therecord.media/lockbit-administrator-engaging-with-police> |
| Feb 2024 | US offers $15 million bounty for info on LockBit ransomware gang
<https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/> |
| Mar 2024 | LockBit ransomware affiliate gets four years in jail, to pay $860k
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-affiliate-gets-four-years-in-jail-to-pay-860k/> |
| May 2024 | LockBit's seized darknet site resurrected by police, teasing new revelations
<https://therecord.media/lockbit-ransomware-gang-seized-site-reappears-teasing-new-information> |
| May 2024 | LockBit leader unmasked and sanctioned
<https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned>
<https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit> |
| Jun 2024 | Police arrest Conti and LockBit ransomware crypter specialist
<https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/> |
| Jul 2024 | Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
<https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group> |
| Oct 2024 | LockBit power cut: four new arrests and financial sanctions against affiliates
<https://www.europol.europa.eu/media-press/newsroom/news/lockbit-power-cut-four-new-arrests-and-financial-sanctions-against-affiliates> |
| Dec 2024 | US seeks extradition of alleged LockBit ransomware developer from Israel
<https://therecord.media/lockbit-suspect-rostislav-panev-us-seeks-extradition-israel>
<https://therecord.media/us-unseals-lockbit-complaint-israel>
<https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/> |
| May 2025 | LockBit ransomware gang hacked, victim negotiations exposed
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/>
<https://analyst1.com/lockbit-got-hacked-again-uncovering-insights-into-the-leaked-data/>
<https://www.ontinue.com/resource/inside-lockbit-inner-workings-of-ransomware-giant/>
<https://www.trellix.com/blogs/research/inside-the-lockbits-admin-panel-leak-affiliates-victims-and-millions-in-crypto/> |
| Information | <https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/>
<https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf>
<https://therecord.media/ransomware-diaries-undercover-with-the-leader-of-lockbit/>
<https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a>
<https://medium.com/@lcam/lighting-the-exfiltration-infrastructure-of-a-lockbit-affiliate-and-more-f57fbb7a4e79>
<https://analyst1.com/blog-negotiating-with-lockbit-uncovering-the-evolution-of-operations-and-newly-established-rules/>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a>
<https://redsense.com/publications/lockbit-story-a-three-year-investigative-journey/>
<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-has-over-110-million-in-unspent-bitcoin/>
<https://www.resecurity.com/blog/article/lockbit-30s-bungled-comeback-highlights-the-undying-risk-of-torrent-based-data-leakage>
<https://blog.talosintelligence.com/ransomware-affiliate-model/>
<https://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on>
<https://www.trendmicro.com/en_us/research/24/d/operation-cronos-aftermath.html>
<https://www.trellix.com/blogs/research/the-lockbits-attempt-to-stay-relevant-its-imposters-and-new-opportunistic-ransomware-groups/> |
APT group: LockBit Gang
