Header image

LockBit Continues to Operate and Snare New Victims - Research

LockBit ransomware caught more victims in May after takedown.

After the takedown of the LockBit ransomware infrastructure in February of this year, there was a large spike in new victims in May.

According to data from Orange Cyberdefense, after the takedown the operators resurfaced a week later on the dark web, and using affiliates they were able to return and record 164 new victims in May of this year - the highest number recorded since the beginning of 2022.

“LockBit is showing that they are quite resilient and also very resistant, that's something that we see happening with the providers of the ransomware as a service and data leak sites and happening with some other ransomware service brands,” said Simen van der Perre, Belgium strategic advisor at Orange Cyberdefense.

Commenting, Diana Selck-Paulsson, global lead security researcher at Orange Cyberdefense said since the dissolution of the Conti ransomware gang, LockBit “has been the number one threat actor, causing one third of the victimology that we're observing.”

However, she believed that Lockbit “is struggling to attract affiliates and make them work for a fallen operation” and even though law enforcement did not manage to distract and stop the operation immediately, “we're maybe observing a longer time frame after disruption efforts of activity, even though this will mean lower volume of attacks than pre-disruption efforts.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

08
Aug
Webinar

How to Automate the Lifecycle of Joiners, Movers, and Leavers With No-Code Solutions

Streamlining the lifecycle of joiners, movers, and leavers using no-code automation

The process of onboarding new employees and quickly removing departing staff profiles can be both time-consuming and labour-intensive.
In this live webinar, we will look at how to streamline these processes to save time and resources, and providing a smooth experience for both admins and employees.

Key takeaways:
  • Understanding the importance of securing the joiners, movers and leavers process
  • Exploring successful attacks that occurred due to errors in managing these transitions
  • Discover which advanced controls can be utilized
image image image