AdvisoryAdvisoriesCISAAA23-165A

June 14, 2023

Variations in LockBit Ransomware Hard to Detect

June 14, 2023

What we know so far

LockBit RaaS and its affiliates have had a negative impact on organizations worldwide. In 2022, LockBit was the most active ransomware group and RaaS provider, based on the number of victims claimed on their data leak site. LockBit operates as a RaaS cybercrime group, offering access to their ransomware variant to individuals or groups (referred to as "affiliates") in exchange for payment. LockBit distinguishes itself by allowing affiliates to receive ransom payments before taking their cut, unlike other RaaS groups. They also engage in publicity stunts and online disparagement of rival groups. LockBit's success can be attributed to continuous innovation in their administrative panel and supporting functions, while their affiliates regularly update their tactics for deploying and executing ransomware.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories