Prolific ransomware gang LockBit has had a busy month

• LockBit said on New Year's Eve that it was behind an ongoing cyberattack on the Housing Authority of the City of Los Angeles.
• LockBit also claimed responsibility for a Christmas Day ransomware attack on the Port of Lisbon.
• And LockBit ransomware was behind a cyberattack at the Toronto-based Hospital for Sick Children.

Why it matters: LockBit's continued success underscores the pervasive threat ransomware still poses despite years of government and industry investments to fight this type of cyberattack.

The big picture: The recent attacks add to a growing list of high-profile LockBit targets, including the 2021 attack on Accenture.

The intrigue: Part of LockBit's continued dominance in the ransomware underworld stems from its incentives program, according to researchers at Trustwave's SpiderLabs.

• The gang offers higher-than-average payouts to hackers who conduct attacks and operate a first-of-its-kind bug bounty program where hackers can report security vulnerabilities in company networks for a payout.
• LockBit is also constantly purchasing new hacking tools on the dark web to stay ahead of the curve, Trustwave researchers noted.

Between the lines: Trustwave forecasted in a report this week that LockBit would "remain the most active and effective group for the foreseeable future."

Yes, but: Law enforcement agents are already investigating LockBit, and officials have had a strong track record in the last couple of years of spooking and shutting down prolific gangs.

• Prosecutors charged a dual Russian and Canadian national in November with working with LockBit.
• Deputy attorney general Lisa Monaco said at the time the arrest was the result of a more than 2.5-year investigation into LockBit.

Sign up for Axios’ cybersecurity newsletter Codebook here.