European SMBs indicate that local crooks started using Lockbit locker variants.
Executive Summary
- During the past months, the Lockbit gang reached very high popularity in the underground ecosystem.
- The recent Hive infrastructure takedown, as well as the dissolution of other major gangs such as Conti in 2022, is making room in the cybercrime business.
- The Lockbit locker, leaked a few months ago in the underground, is gaining popularity and adoption among micro-criminal actors.
- Recent reports of Lockbit locker-based extortions against North European SMBs indicate that local cyber-criminal gangs have started adopting Lockbit locker variants.
Incident Insights
Recently, there has been a significant increase in ransomware attacks targeting companies in northern Europe. These attacks are being carried out using the LockBit locker, which is known to be used by the criminal affiliate program of the same name. The Lockbit group has been targeting companies of all sizes and across a wide range of industries, causing significant disruptions and financial losses.
One of the most concerning aspects of these recent attacks is the way in which they are being conducted. The LockBit Locker group is known for using a combination of advanced techniques, as well as phishing and social engineering, to gain initial access to a company’s network. Once they have access, they use a variety of tools and techniques to move laterally throughout the network, compromising systems and stealing sensitive data.