Ransomware Spotlight: LockBit Ransomware-as-a-Service

LockBit is one of the most infamous and prolific ransomware-as-a-service (RaaS) gangs. RaaS groups follow a similar licensing and delivery business model that standard software-as-a-service (SaaS) organizations use.

Recent reports credit LockBit with nearly 40% of ransomware attacks so far in 2022, making them one of the most active ransomware groupsii. LockBit first emerged in September 2019 under the name ABCD Ransomware. Since then, it’s undergone multiple iterations, including LockBit 2.0 and most recently LockBit 3.0, or LockBit Black.

LockBit announced its latest 3.0 version in late June 2022, which includes a few key updates that signal the group’s emphasis on operational security (OPSEC), highlighting the program’s maturity as a criminal enterprise. One notable update is the new bug bounty program, which promises to pay as much as $1 million USD for discovering any vulnerabilities or information that may lead to the identification of the group’s leader who uses the moniker LockBitSupp.

These updates highlight an increased focus on more efficient attacks and solidifying themselves as advanced cybercriminals. A commitment to OPSEC has not been observed before, and other RaaS gangs will likely follow suit. As a result, we expect an increasingly sophisticated ransomware threat landscape in the coming months.

By downloading this report, you'll learn:

  • About the evolution of LockBit from its early days as ABCD ransomware
  • LockBit 3.0's new features
  • What the evolution means for the future of RaaS
  • How to best defend against and detect these evolving threats

Todyl updates

Sign-up to get the latest from Todyl sent straight to your inbox.