The notorious LockBit ransomware gang has stolen approximately $91 million just from victims in the United States since 2020, making it one of the most successful, if not the most successful, ransomware threats out there.
The news comes from a joint advisory, published earlier this week by the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand.
Thousands of victims
As per the advisory, in the last three years, the group successfully compromised roughly 1,700 American organizations. Last year alone, some 16% of all attacks targeted State, Local, and Tribunal (SLTT) governments, MS-ISAC’s data shows. So municipal governments, counties, educational institutions, and public service organizations, were some of the most popular targets.
"In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023," the report claims.
But LockBit wasn’t entirely focused on these organizations. Private sector firms of all shapes and sizes were being targeted, as well: "Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation."
As per CSO Online, LockBit first formed in 2019, under the name ABCD, given to the group after the file extension that was left on encrypted files. It quickly rose to prominence, and by 2020, it was up to version 2.0. This variant of the encryptor was “the most impactful and widely deployed ransomware variant” to be observed in Q1 2022, according to researchers from Unit 42, Palo Alto Networks’ cybersecurity arm.
While the official number of victims is around 1,700, the group itself claims to have compromised more than 12,000 organizations.
- Here's our rundown of the best endpoint protection tools
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.