• Home
  • News
  • Lockbit Adds Nine Victims On Its List

Lockbit Adds Nine Victims On Its List

Miklos Zoltan

By Miklos Zoltan . 18 March 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Lockbit just announced a record of 9 victims in a recent attack. The targets are spread across 5 countries: the UK, Canada, the US, Germany, and Namibia. The hackers posted evidence of the attacks on their public platform.

  • Lockbit gave the victims 2 weeks at their disposal to contact them for negotiations
  • Lockbit is currently the most sophisticated and aggressive ransomware actor in the world
  • The victims of this recent attack belong to several different industries, including transportation, trading, and the agricultural sector
  • It’s unknown how devastating the attacks have been, how much data Lockbit has managed to steal, or the value of the ransoms they’re demanding

Lockbit is a highly aggressive and very active ransomware organization with hundreds of victims and more piling up every day. This recent attack highlights Lockbit’s ability to hit multiple targets across several countries with little effort.

This ability is closely tied to the group’s RaaS profile (ransomware-as-a-service.) The organization relies on affiliates and people willing to pay to use their services. These then perform attacks using Lockbit’s credentials, further spreading the actor’s influence.

X showing the LockBit attack on the 9 companies
https://twitter.com/FalconFeedsio/status/1769031943146877093

Lockbit’s standard method of attack involves the double-extortion MO. The hackers will encrypt the victim’s files, then steal all the data they can and leave a ransom note behind. The victim is instructed to contact them for negotiations.

Because of the attack method, the hackers have double the leverage. The victim will have to negotiate for both the decryption key and the deletion of the data. If consensus isn’t reached, Lockbit will publish the victim’s data publicly.

Wasn’t Lockbit Seized by the FBI?

Indeed, it was. Lockbit was infiltrated and dismantled by the FBI, in collaboration with UK authorities, back in February 2024. The hackers’ website displayed the message, “This website has been seized by the FBI.”

The operation called Cronos also led to the arrest of several people, with the FBI enforcing multiple arrest warrants. Two Russian nationals have been charged in connection to the situation.

The FBI’s operation revealed concerning details about the organization’s stats and internal structure. It turns out that Lockbit had a massive database of over 2,000 victims worldwide and records of over $120 million in paid ransoms.

The feds also recovered hundreds of decryption keys, which they passed on to victims who were encrypted at that time.

Unfortunately, the situation didn’t last, as Lockbit returned only days later and claimed the FBI as their first victim. It is unclear whether this was the group itself or whether it was the work of a handful of affiliates.

Whatever the case may be, it appears that Lockbit is still up and running today, a month after the operation Cronos. FBI representatives have claimed that this is Lockbit trying to hold on to the last treads, but the actual truth is still uncertain.

Ransomware organizations are especially difficult to combat due to their adaptability and resilience. Dismantled groups often relocate their resources, rebrand themselves, or break their structure into multiple cells, leading to the creation of other ransomware actors.

This has been the case with numerous now-defunct organizations, Hive being the most recognizable one.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment