LockBit ransomware continues to pose a significant global threat and is the primary digital extortion threat across various regions and industries, according to a report by cybersecurity firm ZeroFox. The research analyzed data from January 2022 to September 2023 and found that LockBit featured in over 25% of global ransomware and digital extortion attacks during this period. Notably, it accounted for 30% of attacks in Europe and 25% in North America.
Despite LockBit’s prominence, the report highlighted a declining trend in its overall share of attacks. This shift is attributed to the increasing diversification of the ransomware landscape, with the emergence of ransomware-as-a-service (RaaS) offerings that make it easier for threat actors to enter the ecosystem.
LockBit has historically been deployed less often in North American attacks, with an average of 40% of victims located in the region. However, the report suggests an upward trajectory, anticipating a rise to 50% by the end of 2023. Industries frequently targeted by LockBit in North America included manufacturing, construction, retail, legal, consulting, and healthcare.
The research identified various intrusion methods employed by LockBit operators, including exploitation of vulnerabilities in internet-facing applications, phishing, external remote services, drive-by compromises, and the use of valid accounts obtained through credential compromise. While LockBit’s share of ransomware attacks is on the decline, ZeroFox anticipates it will remain a substantial threat to industries worldwide.
LockBit affiliates are observed shifting focus to sectors deemed more likely to pay ransom demands, such as professional services, education, and financial organizations. The LockBit ransomware strain, operating as a ransomware-as-a-service offering, first emerged in September 2019, gaining notoriety for its speed of compromise and self-propagation capabilities within compromised networks.
Notable attacks linked to LockBit include incidents targeting Royal Mail, Boeing, and the Industrial and Commercial Bank of China (ICBC).
In summary, LockBit’s persistent threat is underscored by its prevalence in global ransomware attacks, with a decline in overall share attributed to the evolving ransomware landscape. Its adaptability and strategic focus on lucrative sectors indicate that LockBit will likely remain a formidable cybersecurity challenge.