Ransomware has been notably evolving pretty fast. One such ransomware is LockBit, which has gained huge popularity among cybercriminals. But, how did it become the top ransomware threat?
Diving into details
LockBit is one of the most prominent RaaS operations, which has constantly evolved since its emergence in 2019.
Its operators sell the program to affiliates who get a cut of 75% of the ransom paid by the victims.
The group engages in double extortion, similar to most ransomware groups today.
LockBit 2.0
The gang began gaining momentum in the second half of 2021 by launching LockBit 2.0.
During Q1 2022, this variant was the most widely deployed and impactful in all the ransomware breaches observed.
Its data leak site listed 850 victims, however, the gang claimed to have breached more than 12,000 victims so far.
LockBit 3.0
With this latest version, the RaaS launched the first-ever ransomware bug bounty program.
LockBit 3.0 urged researchers to submit bug bounty reports for rewards ranging from $1,000 to $1 million.
It has, furthermore, introduced new extortion tactics and accepts Zcash as payment.
Some stats your way
In Q1 2022, LockBit accounted for 40% of ransomware attacks against the financial sector.
After replacing Conti as the most active gang, LockBit disclosed 226 victims on its leak site in the period.
In 2021, LockBit breached 58 critical infrastructure organization networks - stated the FBI. It mainly focused on financial services, healthcare and public health, and government sectors.
The bottom line
The prominence of LockBit and its use by various threat groups has given the ransomware the popularity it enjoys now. Moreover, its unusual practices, such as the launching of a bug bounty program, make it attractive to other cybercriminals. The RaaS operation’s evolution throughout the years is a testimony to the persistence, rising complexity, and consequences brought about by the ransomware landscape.