{
	"id": "06268e35-8f61-4b31-b9b0-c69912ae603e",
	"created_at": "2026-04-06T00:15:20.205208Z",
	"updated_at": "2026-04-10T03:26:47.082742Z",
	"deleted_at": null,
	"sha1_hash": "a3794d38e00edfb56eeced82a140b282eca7cdaa",
	"title": "LockBit ransomware - what you need to know",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52711,
	"plain_text": "LockBit ransomware - what you need to know\r\nArchived: 2026-04-05 19:40:38 UTC\r\nI keep hearing about LockBit ransomware attacks. What's going on?\r\nIt's no surprise if you have heard about LockBit. It is the world's most active ransomware group - responsible for\r\nan estimated 40% of all ransomware infections worldwide.\r\nI guess LockBit does the usual bad stuff - encrypt your data, steal your files, dump a ransom note on your\r\nPC...\r\nYes. The first you might know that you've been hit by LockBit 3.0 (also known as LockBit Black) is when your\r\ndesktop wallpaper is replaced with a message telling you that your files have been stolen, and pointing to\r\ninstructions on how they can be recovered.\r\nYou are then encouraged to make contact via the dark web to negotiate your ransom payment.\r\nYuck. Are the LockBit attacks targeting any type of businesses in particular?\r\nLockBit's victims are primarily small and medium-sized businesses, but sometimes much larger organisations\r\nhave fallen foul.\r\nLockBit's high profile targets have in the past included tech manufacturer Foxconn, NHS vendor Advanced, IT\r\ngiant Accenture, and German autoparts company Continental.\r\nMost recently the UK Royal Mail's deliveries overseas were disrupted following what is believed to have been a\r\nLockBit ransomware attack.\r\nYoinks. It sounds like any business could be a potential target...\r\nNot quite. LockBit doesn't seem to have been launched against any Russian organisations, for instance.\r\nWhy no Russian victims?\r\nHmm... why do you think?\r\nHa, I get it. They don't want to get in trouble with the cops on their doorstep! 
I guess if they are hitting so\r\nmany companies, these LockBit guys must be making a lot of money.\r\nWhen the US authorities charged a man in connection with the LockBit ransomware in November 2022, they\r\nclaimed that it had been deployed against at least 1,000 victims in the United States and around the world, making\r\nat least $100 million worth of ransom demands.\r\nOh, so they've already nabbed someone for LockBit?\r\nhttps://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know\r\nPage 1 of 3\n\nIt's not as simple as that. It's not just one guy launching LockBit attacks from his back bedroom, surrounded by\r\npizza boxes.\r\nLockBit is a ransomware-as-a-service (RaaS) operation, meaning that other criminals pay to become an affiliate,\r\nlaunching attacks and sharing a percentage of their earnings with the original LockBit gang.\r\nIdentifying and charging one LockBit suspect does not necessarily mean the downfall of the entire criminal\r\noperation.\r\nAnd so, different people could be responsible for different LockBit attacks...\r\nCorrect. For instance, the Royal Mail attack has been blamed by the gang on a LockBit affiliate.\r\nIt sounds like LockBit is quite a professional enterprise...\r\nYes, albeit a criminal enterprise.\r\nThe LockBit ransomware-as-a-service operation has certainly evolved over the last couple of years. One of the more\r\nunusual developments occurred last summer when the gang announced it was introducing a bug bounty program.\r\nA bug bounty? You're kidding me...\r\nIn what was said to be the first ever bug bounty run by a ransomware gang, LockBit offered between $1000 and\r\n$1 million for anyone submitting bug reports. 
The gang cheekily announced that it was inviting \"all security\r\nresearchers, ethical and unethical hackers on the planet to participate.\"\r\nIn addition, the LockBit group said they would pay out for \"brilliant ideas\" that would improve their criminal\r\noperations.\r\nOf course, helping cybercriminals might be frowned upon in your particular country, so think carefully before you\r\nget into bed with them.\r\nThanks. I wasn't planning to.\r\nOne other thing. LockBit also offers a way for you to earn \"exactly one million dollars, no more and no less...\" in\r\ncryptocurrency for doxxing the individual known as LockBitSupp, who provides support and administers the\r\ngroup's affiliates.\r\nPerhaps they are hoping that any cybercriminal investigator who manages to uncover the identities of key\r\nindividuals running LockBit will be tempted to tell the gang for a payout, rather than help the police.\r\nSo how can my company protect itself from the LockBit ransomware?\r\nOnce again, it comes down to following tried-and-trusted security practices:\r\nmake secure offsite backups.\r\nrun up-to-date security solutions. 
Ensure that your computers are configured properly, and protected with\r\nthe latest security patches against vulnerabilities.\r\nuse hard-to-crack, unique passwords to protect sensitive data and accounts, and enable multi-factor\r\nauthentication.\r\nencrypt sensitive data wherever possible.\r\neducate and inform staff about the risks and methods used by cybercriminals to launch attacks and steal\r\ndata.\r\nEditor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do\r\nnot necessarily reflect those of Tripwire, Inc.\r\nSource: https://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know"
	],
	"report_names": [
		"lockbit-ransomware-what-you-need-know"
	],
	"threat_actors": [
		{
			"id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5",
			"created_at": "2022-10-25T16:07:23.797925Z",
			"updated_at": "2026-04-10T02:00:04.752608Z",
			"deleted_at": null,
			"main_name": "LockBit Gang",
			"aliases": [
				"Bitwise Spider",
				"Operation Cronos"
			],
			"source_name": "ETDA:LockBit Gang",
			"tools": [
				"3AM",
				"ABCD Ransomware",
				"CrackMapExec",
				"EmPyre",
				"EmpireProject",
				"LockBit",
				"LockBit Black",
				"Mimikatz",
				"PowerShell Empire",
				"PsExec",
				"Syrphid"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434520,
	"ts_updated_at": 1775791607,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a3794d38e00edfb56eeced82a140b282eca7cdaa.pdf",
		"text": "https://archive.orkl.eu/a3794d38e00edfb56eeced82a140b282eca7cdaa.txt",
		"img": "https://archive.orkl.eu/a3794d38e00edfb56eeced82a140b282eca7cdaa.jpg"
	}
}