LockBit Paralyzes Groupe IDEA
LockBit reached France and hits Groupe IDEA, an organization with multiple areas of expertise, including logistics and industrial transportation. The attack followed LockBit usual MO, stealing and encrypting vital data and paralyzing the flow of operations.
- Groupe IDEA didn’t make a public statement about the attack, presumably focusing on fixing the problem
- LockBit currently ranks as one of the most prolific, aggressive, and active ransomware actors in the world
- The organization has been involved in close to 1,900 attacks and obtained nearly $100 million in ransom money
- LockBit is strictly financially motivated, although there are theories linking the group to pro-Russian sentiments
LockBit has been involved in over 44% of the total number of ransomware attacks globally and the trend doesn’t seem to slow down. The organization’s aggressiveness, along with its tendency to constantly upgrade its systems, make it highly effective.
The US alone saw 1,700 attacks attributed to LockBit, with most of them turning profitable for the organization. Lockbit uses a personal malware called StealBit, which automates the process of data exfiltration.
LockBit initially released as ABCD ransomware, a name which it got from its .abcd file extension. The group’s very first iterations went public in 2019 and saw a massive upgrade in 2021 with the release of LockBit 2.0.
Since then, the organization’s attacks became more frequent and the success rate went up. LockBit continues to upgrade its systems regularly, which allows it to circumvent new iterations of already established firewalls.
How Does LockBit Operate?
LockBit is a classic ransomware service that targets primarily high-profile organizations. This includes both governmental agencies and private institutions. The release of LockBit 3.0 saw an even larger increase in the attacks’ frequency.
While the group is fairly old and well-established, it doesn’t mean it hasn’t been investigated and monitored. The US Department of Justice announced, in November of 2022, the arrest of Mikhail Vasiliev.
The individual with dual citizenship (Canadian and Russian) was accused of involvement with the infamous ransomware actor. Nothing followed in terms of discovering the identity of additional LockBit operatives.
Recently, it has been reported that LockBit was experiencing significant internal frustrations due to the low pay rate. It’s unclear if this is the result of the victims simply giving away their data or using a decryption tool of repel the attacker.
However, despite its declining pay rate, LockBit remains highly active and aggressive on the global stage.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
