Header image

LockBit Continues to Operate and Snare New Victims - Research

LockBit ransomware caught more victims in May after takedown.

After the takedown of the LockBit ransomware infrastructure in February of this year, there was a large spike in new victims in May.

According to data from Orange Cyberdefense, after the takedown the operators resurfaced a week later on the dark web, and using affiliates they were able to return and record 164 new victims in May of this year - the highest number recorded since the beginning of 2022.

“LockBit is showing that they are quite resilient and also very resistant, that's something that we see happening with the providers of the ransomware as a service and data leak sites and happening with some other ransomware service brands,” said Simen van der Perre, Belgium strategic advisor at Orange Cyberdefense.

Commenting, Diana Selck-Paulsson, global lead security researcher at Orange Cyberdefense said since the dissolution of the Conti ransomware gang, LockBit “has been the number one threat actor, causing one third of the victimology that we're observing.”

However, she believed that Lockbit “is struggling to attract affiliates and make them work for a fallen operation” and even though law enforcement did not manage to distract and stop the operation immediately, “we're maybe observing a longer time frame after disruption efforts of activity, even though this will mean lower volume of attacks than pre-disruption efforts.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.