Share and Follow
So what is LockBit? Who has fallen victim to them? And how can we protect ourselves from them?
What, or who, is LockBit?
To make things confusing, the term LockBit refers to both the malicious software (malware) and the group that created it.
But rather than simply stealing the data, LockBit is a form of ransomware. Once the data has been copied, it is encrypted, rendering it inaccessible to legitimate users. This data is then held to ransom – pay up, or you’ll never see your data again.
Little is known about the LockBit group.
Cybercriminal gangs have adopted ransomware as a get-rich-quick scheme. Source: Getty / DPA
Based on their website, the group doesn’t have a specific political allegiance. Unlike some other groups, they also don’t limit the number of affiliates: “We are located in the Netherlands, completely apolitical and only interested in money. We always have an unlimited amount of affiliates, enough space for all professionals. It does not matter what country you live in, what types of language you speak, what age you are, what religion you believe in, anyone on the planet can work with us at any time of the year.”
Notably, LockBit have rules for their affiliates. Examples of forbidden targets (victims) include:
- Critical infrastructure
- Institutions where damage to the files could lead to death (such as hospitals)
- Post-Soviet countries such as Armenia, Belarus, Estonia, Georgia, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine and Uzbekistan.
While rules may be in place, there is always potential for rogue users to target forbidden organisations.
Read Related Also: One of Australia's most wanted men arrested in Turkey
The final rule in the list above is an interesting exception. According to the group, these countries are off limits because a high proportion of the group’s members were “born and grew up in the Soviet Union”, despite now being “located in the Netherlands”.
Who’s been hacked by LockBit?
While not yet confirmed, the recent ransomware incident experienced by the Industrial and Commercial Bank of China has been claimed by LockBit.
From the list of victims seen below, LockBit is clearly being used in a scatter-gun approach, with a wide variety of victims. This is not a series of planned, targeted attacks. Instead, it shows LockBit software is being used by a diverse range of criminals in a service model.
How we can protect ourselves
Ransomware as a service enables an inexperienced criminal to deliver a ransomware campaign to multiple targets quickly and efficiently – often at minimal cost and usually on a profit-sharing basis.
Jennifer Medbury is a lecturer of Intelligence and Security at Edith Cowan University and Paul Haskell-Dowland is a professor of Cyber Security Practice at Edith Cowan University.