{
	"id": "459964fe-d329-4af4-bc7f-aed77affa37e",
	"created_at": "2026-04-06T00:12:14.896776Z",
	"updated_at": "2026-04-10T13:12:32.831822Z",
	"deleted_at": null,
	"sha1_hash": "14874ab57b279bc226ea8d75c2a7d89abc24803b",
	"title": "Interpol: Lockbit ransomware attacks affecting American SMBs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 949021,
	"plain_text": "Interpol: Lockbit ransomware attacks affecting American SMBs\r\nBy Sergiu Gatlan\r\nPublished: 2020-08-04 · Archived: 2026-04-05 13:28:49 UTC\r\nAmerican medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report\r\non the impact the COVID-19 pandemic had on cybercrime around the world.\r\nThe report was produced by Interpol's Cybercrime Directorate and it includes data from 48 Interpol member countries and 4\r\nprivate partners, as well as info and analysis from Interpol's Cybercrime Threat Response (CTR) unit and its Cyber Fusion\r\nCentre (CFC).\r\n\"The resulting analysis was supplemented by information provided by private sector partners and the INTERPOL Regional\r\nWorking Groups on Cybercrime,\" the Interpol says.\r\nhttps://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAmerican SMBs in LockBit's line of fire\r\nAs part of a short summary of regional cybercrime trends, the International Criminal Police Organization (Interpol) says\r\n[PDF] that \"a ransomware campaign carried out mainly through LOCKBIT malware is currently affecting medium-sized\r\ncompanies in some countries within this region.\"\r\nLockBit, a human-operated Ransomware-as-a-Service (RaaS) operation that surface in September 2019 as a private\r\noperation targeting enterprises and later observed by Microsoft while targeting healthcare and critical services.\r\nThis ransomware strain's operators use the publicly available CrackMapExec penetration testing tool to move laterally once\r\nthey get a foothold on a victim's network.\r\nTwo months ago, LockBit partnered with Maze ransomware's operators to create an extortion cartel that allows them to\r\nshare the same data leak platform during their operations and to exchange tactics and intelligence.\r\nMaze later told BleepingComputer that other ransomware groups might join this collaborative effort to generate ransom\r\npayments.\r\nMost active ransomware strains during the pandemic\r\nInterpol also took a closer look at data provided by private partners to get an overview of the most aggressive ransomware\r\ngangs during the pandemic.\r\nBased on their analysis, CERBER, NetWalker, and Ryuk were the top ransomware families recently detected by Interpol\r\nprivate partners and they are seen as \"constantly evolving to maximize the potential damage of a single attack as well as the\r\nfinancial profit for its perpetrators.\"\r\n\"In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been\r\nrelatively dormant for the past few months,\" the Interpol added.\r\n\"This implies that there may still be organizations that have been infected but where the ransomware has not yet been\r\nactivated.\"\r\nOn a related note, Interpol mentioned the Emotet botnet (known as a ransomware infection vector) in the data harvesting\r\nmalware part of the report, with 13% of organizations being affected by this malware globally.\r\nRansomware operators are also targeting European healthcare institutions and critical infrastructure involved in COVID-19\r\nresponse according to Interpol's report.\r\nThe international police organization previously warned in April about a surge of ransomware attacks targeting hospitals and\r\nattempting to lock them out of critical systems even though most of them were already overwhelmed by the influx of\r\npatients caused by the ongoing pandemic.\r\nRansomware defense measures\r\nInterpol recommends organizations exposed to ransomware attacks to keep their software and hardware up to date, and to\r\nback up their data using offline storage devices to block ransomware operators from accessing and encrypting them.\r\nThe police organization also advises orgs to take the following defense measures to protect their systems:\r\n• Only open emails or download software/applications from trusted sources;\r\n• Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown\r\nsender;\r\n• Secure email systems to protect from spam which could be infected;\r\n• Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external\r\ndrive);\r\nhttps://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/\r\nPage 3 of 4\n\n• Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running;\r\n• Use strong, unique passwords for all systems, and update them regularly.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/\r\nhttps://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/"
	],
	"report_names": [
		"interpol-lockbit-ransomware-attacks-affecting-american-smbs"
	],
	"threat_actors": [],
	"ts_created_at": 1775434334,
	"ts_updated_at": 1775826752,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/14874ab57b279bc226ea8d75c2a7d89abc24803b.pdf",
		"text": "https://archive.orkl.eu/14874ab57b279bc226ea8d75c2a7d89abc24803b.txt",
		"img": "https://archive.orkl.eu/14874ab57b279bc226ea8d75c2a7d89abc24803b.jpg"
	}
}