ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > LockBit Gang

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: LockBit Gang

NamesLockBit Gang (?)
MotivationFinancial gain
First seen2019
Description(Bleeping Computer) LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Joining the ransomware-as-a-service (RaaS) business in September 2019, LockBit is atypical in that it’s driven by automated processes for quick spreading across the victim network, identifying valuable systems and locking them up.

LockBit attacks leave few traces for forensic analysis as the malware loads into the system memory, with logs and supporting files removed upon execution.
ObservedSectors: Aviation, Defense, Energy, Financial, Healthcare, Transportation.
Countries: Australia, Chile, China, France, Germany, India, Indonesia, Italy, Taiwan, Thailand, UK, Ukraine, USA.
Tools usedCrackMapExec, EmpireProject, LockBit.
Operations performedMay 2020LockBit ransomware self-spreads to quickly encrypt 225 systems
Aug 2020Interpol: Lockbit ransomware attacks affecting American SMBs
Sep 2020LockBit ransomware launches data leak site to double-extort victims
Dec 2020Ransomware hits helicopter maker Kopter
Apr 2021UK rail network Merseyrail likely hit by Lockbit ransomware
Jun 2021LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
Aug 2021Energy group ERG reports minor disruptions after ransomware attack
Aug 2021LockBit ransomware recruiting insiders to breach corporate networks
Aug 2021LockBit 2.0 ransomware incidents in Australia
Aug 2021Accenture confirms hack after LockBit ransomware data leak threats
Aug 2021LockBit Ransomware Wants to Hire Your Employees
Aug 2021Bangkok Air confirms passenger PII leak after ransomware attack
Sep 2021LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
Oct 2021LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting
Nov 2021BlackMatter ransomware moves victims to LockBit after shutdown

Last change to this card: 04 November 2021

Download this actor card in PDF or JSON format

Previous: LightBasin
Next: LookBack, TA410

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]