Analysis Report of LockBit Activities After OpCronos

The Forrester Wave™: Managed Detection and Response, Q2 2023

Analysis Report of LockBit Activities After OpCronos

LockBit was the most widely used ransomware variant worldwide in 2022 and is still prolific. Since January 2020, LockBit has attacked organizations of various sizes across critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

The tactics, techniques, and procedures (TTPs) observed in LockBit ransomware attacks vary significantly. This variation in observed ransomware TTPs poses a significant challenge for organizations to maintain network security and protect against the ransomware threat. After Operation Cronos against the LockBit group, there has been a massive increase in attacks to reassert themselves and seek revenge.

Key findings include:

  • LockBit operates as a Ransomware-as-a-Service (RaaS) model, hiring affiliates to carry out attacks using its tools and infrastructure. 
  • It encrypts files, making them inaccessible, and demands a ransom for their release.
  • Methods LockBit uses to gain initial access.

ThreatMon Free Trial

Download Download Here

Start Your Free Trial Now!

The 30-day free trial of ThreatMon allows users to explore the product's security benefits. During this trial period, you can test Threat Intelligence data, detect threats to your organization and recommend security measures.

Start Free Trial