LockBit Ransomware Group, also known initially as the “.abcd virus,” emerged as a significant cyber threat in September 2019. This group operates a ransomware-as-a-service (RaaS) model, attracting affiliates who launch attacks under their banner. LockBit automates the targeting and encryption processes, spreading within organizations without manual oversight, using common system tools to remain undetected.

By February 2024, despite law enforcement seizing some of their dark web operations, LockBit demonstrated resilience, continuing their activities and attempting a comeback.

Their significant attacks have targeted a range of sectors from healthcare to financial institutions, primarily in the United States, China, India, and across Europe, exploiting organizations’ vulnerabilities to extort hefty ransoms. Notable victims include Accenture, Boeing, the UK’s Royal Mail and National Health Service, Thales Group, and the Industrial and Commercial Bank of China’s U.S. subsidiary.

LockBit’s notoriety skyrocketed in 2022, earning them the title of the world’s most prolific ransomware by various government agencies. By early 2023, they were linked to 44% of global ransomware incidents, accumulating about $91 million in ransoms from approximately 1,700 attacks in the U.S. alone from January 2020 to May 2023.