Skip to main content
Jan 6, 2023 - Technology

Prolific ransomware gang LockBit has had a busy month

Sam Sabin
Illustration of a repeating pattern of computers with skulls on the screens

Illustration: Aïda Amer/Axios

One of the most prolific ransomware gangs of 2022 is already making headlines in the new year for successfully attacking critical infrastructure around the world.

Driving the news: In the last month, the ransomware gang has claimed responsibility for attacks on hospitals, shipping ports and local government offices.

Why it matters: LockBit's continued success underscores the pervasive threat ransomware still poses despite years of government and industry investments to fight this type of cyberattack.

The big picture: The recent attacks add to a growing list of high-profile LockBit targets, including the 2021 attack on Accenture.

The intrigue: Part of LockBit's continued dominance in the ransomware underworld stems from its incentives program, according to researchers at Trustwave's SpiderLabs.

  • The gang offers higher-than-average payouts to hackers who conduct attacks and operate a first-of-its-kind bug bounty program where hackers can report security vulnerabilities in company networks for a payout.
  • LockBit is also constantly purchasing new hacking tools on the dark web to stay ahead of the curve, Trustwave researchers noted.

Between the lines: Trustwave forecasted in a report this week that LockBit would "remain the most active and effective group for the foreseeable future."

Yes, but: Law enforcement agents are already investigating LockBit, and officials have had a strong track record in the last couple of years of spooking and shutting down prolific gangs.

  • Prosecutors charged a dual Russian and Canadian national in November with working with LockBit.
  • Deputy attorney general Lisa Monaco said at the time the arrest was the result of a more than 2.5-year investigation into LockBit.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper