{
	"id": "4b16500f-c17b-4ac1-ba86-b2c9e625cf4a",
	"created_at": "2026-04-10T03:20:28.042642Z",
	"updated_at": "2026-04-10T13:11:20.895453Z",
	"deleted_at": null,
	"sha1_hash": "3e9f51f8b28b4d3cf969570e5b701271ffc4f614",
	"title": "Australian cybersecurity agency warns of spike in LockBit ransomware attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 206969,
	"plain_text": "Australian cybersecurity agency warns of spike in LockBit\r\nransomware attacks\r\nBy Catalin Cimpanu\r\nPublished: 2023-01-18 · Archived: 2026-04-10 03:09:04 UTC\r\nAustralia's cybersecurity agency has issued a security advisory on Friday warning about a sudden spike in LockBit\r\nransomware attacks across the country.\r\nThe Australian Cyber Security Centre (ACSC) said that while the LockBit ransomware gang has attacked\r\nAustralian companies since 2020, the agency has seen \"a sharp and significant increase in domestic victims in\r\ncomparison to other tracked ransomware variants\" since July 2021.\r\n\"The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety\r\nof sectors including professional services, construction, manufacturing, retail and food,\" the agency said today.\r\nLockBit 2.0 — a perfect storm\r\nThe ACSC warning comes after the LockBit operation has seen what can be described as an influx of \"affiliates.\"\r\nOperating on a Ransomware-as-a-Service model, the LockBit gang rents access to their ransomware to other\r\nthreat actors (commonly referred to as affiliates), who are then responsible for breaching enterprise networks to\r\nsteal data, and then deploy the ransomware payload to encrypt local copies.\r\nWhile the LockBit gang has been operating since September 2019 with a modicum of success, they launched a\r\nnew version of their RaaS platform in June 2021.\r\nThis launch coincided with the shutdowns of the Darkside, REvil, and Avaddon ransomware operations, which\r\nhad the side effect of drawing many of those gang's affiliates to its platform, as Brett Callow, a malware analyst\r\nfor security firm Emsisoft pointed out last month.\r\nThis resulted in a general spike of LockBit attacks, which can be easily seen in the chart below, showing\r\nsubmissions to ID-Ransomware, a web-based tool for identifying what type of ransomware has infected a victim.\r\nhttps://therecord.media/australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks/\r\nPage 1 of 3\n\nThe ACSC is now warning Australian companies to take note of this rise in LockBit affiliate activity and prepare\r\nfor attacks. The agency particularly warns companies to patch their Fortinet networking devices for CVE-2018-\r\n13379, a vulnerability that has been identified as the entry point for many LockBit 2.0 attacks.\r\nFurthermore, the agency also warns companies that once their files are encrypted, if they choose not to pay the\r\nthreat actor and recover from backups, the LockBit gang is one of the ransomware cartels that operates a site on\r\nthe dark web where they leak data from companies that refused to pay, so victims should be prepared to deal with\r\na public data leak once they got hit.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks/\r\nPage 2 of 3\n\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks/\r\nhttps://therecord.media/australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks/"
	],
	"report_names": [
		"australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775791228,
	"ts_updated_at": 1775826680,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3e9f51f8b28b4d3cf969570e5b701271ffc4f614.pdf",
		"text": "https://archive.orkl.eu/3e9f51f8b28b4d3cf969570e5b701271ffc4f614.txt",
		"img": "https://archive.orkl.eu/3e9f51f8b28b4d3cf969570e5b701271ffc4f614.jpg"
	}
}