LockBit Ransomware: A Persistent Global Cybersecurity Threat

The LockBit ransomware strain remains a dominant force in the global landscape of ransomware and digital extortion (R&DE) attacks, as reported by ZeroFox. Over the past seven quarters, from January 2022 to September 2023, LockBit has been implicated in over a quarter of all R&DE incidents worldwide, with a particularly strong presence in Europe and North America.

Despite a slight decline in its overall share of attacks, indicating a diversification in the R&DE ecosystem, LockBit’s impact is still significant. In North America, the strain has historically been less prevalent than in Europe, but recent trends suggest an increase in its activity, potentially affecting half of all R&DE victims by the end of 2023. The sectors most vulnerable to LockBit in North America include manufacturing, construction, retail, legal & consulting, and healthcare.

LockBit’s operators employ a range of intrusion methods to deploy their malicious payload. These techniques include exploitation of vulnerabilities in internet-facing applications, phishing campaigns, access through external remote services with harvested credentials, drive-by compromises, and use of valid accounts to bypass security measures.

As the R&DE threat landscape evolves, LockBit affiliates are adapting their strategies, targeting organizations more likely to meet ransom demands, such as those in professional services, education, and the financial sector. The ransomware, first identified in September 2019, is known for its rapid infection rate and ability to spread autonomously across networks.

LockBit’s notoriety has been cemented by its association with several high-profile attacks, including those on Royal Mail, Boeing, and the Industrial and Commercial Bank of China (ICBC). A report from Acronis in June 2023 highlighted LockBit as the most active ransomware strain in terms of victim count from January to May 2023.

The persistence and adaptability of LockBit underscore the ongoing challenge it poses to cybersecurity defenses globally. Organizations across various industries must remain vigilant and proactive in their security measures to mitigate the risks associated with this formidable ransomware threat.

