Lockbit, a hacker group that is infamous for using a ransomware-as-a-service (RaaS) model to target large businesses and government infrastructure, was recently dealt a blow after a law enforcement team consisting of members from multiple countries disrupted their operations. A report has now pointed out that among the targets, India had the highest victims in the Asia-Pacific (APAC) region.
Citing numbers taken from the group’s ‘shame site’, cybersecurity company Check Point noted that Lockbit published that they had 22 victims in India in 2023.This number is more than other countries in the region, which include Australia (21), Thailand (18), Japan (15), Malaysia (15), Taiwan (12) and China (10), among other nations.
LockBit ransomware group, which is considered to be among key players in today’s cyber threat landscape, was reportedly involved in 17% of ransomware engagements in 2023. Recently, a unit consisting of the National Crime Agency of the UK, FBI and the international law enforcement task force took down the dark web site associated with the group in ‘Operation Cronos’.
How LockBit ransomware group works
Lockbit has a lot of affiliate groups. Lockbit uses a model called RaaS in which it provides ransomware – a software that blocks victims’ access (or encrypt) to data on their computers or mobile devices – to hacking groups that ask for ransom to decrypt the data. In cases where ransom is not paid, these groups can also permanently lock the data or dump it on the dark web.
Its affiliates have reportedly been involved in extortion of some of the world’s largest organisations in recent months. These organisations include the UK’s Royal Mail, Britain’s National Health Service, aeroplane manufacturer Boeing, and China’s biggest bank, ICBC, among others.
A report said that LockBit and its affiliates caused billions of dollars in damage and extracted tens of millions in ransom from their victims. As per the data published by blockchain firm Chainalysis, in 2023, extortions by ransomware groups exceeded $1 billion in cryptocurrency for the first time.
The “LockBit” ransomware was first observed in 2020 but is said to have been active since September 2019. According to the US Cybersecurity & Infrastructure Security Agency (CISA), the group has made money through up-front payments and subscription fees for the software, or from a cut of the ransom.
Citing numbers taken from the group’s ‘shame site’, cybersecurity company Check Point noted that Lockbit published that they had 22 victims in India in 2023.This number is more than other countries in the region, which include Australia (21), Thailand (18), Japan (15), Malaysia (15), Taiwan (12) and China (10), among other nations.
LockBit ransomware group, which is considered to be among key players in today’s cyber threat landscape, was reportedly involved in 17% of ransomware engagements in 2023. Recently, a unit consisting of the National Crime Agency of the UK, FBI and the international law enforcement task force took down the dark web site associated with the group in ‘Operation Cronos’.
How LockBit ransomware group works
Lockbit has a lot of affiliate groups. Lockbit uses a model called RaaS in which it provides ransomware – a software that blocks victims’ access (or encrypt) to data on their computers or mobile devices – to hacking groups that ask for ransom to decrypt the data. In cases where ransom is not paid, these groups can also permanently lock the data or dump it on the dark web.
Its affiliates have reportedly been involved in extortion of some of the world’s largest organisations in recent months. These organisations include the UK’s Royal Mail, Britain’s National Health Service, aeroplane manufacturer Boeing, and China’s biggest bank, ICBC, among others.
A report said that LockBit and its affiliates caused billions of dollars in damage and extracted tens of millions in ransom from their victims. As per the data published by blockchain firm Chainalysis, in 2023, extortions by ransomware groups exceeded $1 billion in cryptocurrency for the first time.
The “LockBit” ransomware was first observed in 2020 but is said to have been active since September 2019. According to the US Cybersecurity & Infrastructure Security Agency (CISA), the group has made money through up-front payments and subscription fees for the software, or from a cut of the ransom.