The notorious LockBit ransomware gang has stolen approximately $91 million just from victims in the United States since 2020, making it one of the most successful, if not the most successful, ransomware threats out there.
The news comes from a joint advisory, published earlier this week by the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand.
Thousands of victims
As per the advisory, in the last three years, the group successfully compromised roughly 1,700 American organizations. Last year alone, some 16% of all attacks targeted State, Local, and Tribunal (SLTT) governments, MS-ISAC’s data shows. So municipal governments, counties, educational institutions, and public service organizations, were some of the most popular targets.
“In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023,” the report claims.
But LockBit wasn’t entirely focused on these organizations. Private sector firms of all shapes and sizes were being targeted, as well: “Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.”
As per CSO Online, LockBit first formed in 2019, under the name ABCD, given to the group after the file extension that was left on encrypted files. It quickly rose to prominence, and by 2020, it was up to version 2.0. This variant of the encryptor was “the most impactful and widely deployed ransomware variant” to be observed in Q1 2022, according to researchers from Unit 42, Palo Alto Networks’ cybersecurity arm.
While the official number of victims is around 1,700, the group itself claims to have compromised more than 12,000 organizations.