US and 6 Other Nations Name ‘Lockbit’ Digital Gang as Top Ransomware Threat
On Wednesday, the world’s leading ransomware threat was identified by the United States and six other nations as the digital extortion group operating under the name “Lockbit.”
Cyber officials from the US, Canada, Britain, France, Germany, Australia and New Zealand said in a joint advisory that Lockbit’s ransomware, which was used to scramble victims’ information until a ransom was paid, was the most widely used by cybercriminals.
“In 2022, LockBit was the most used ransomware variant in the world and will continue to be prolific in 2023,” the advisory said, adding that the gang and its affiliates “have negatively impacted organizations, both large and small, all over the world.
Ransomware has been an online threat for years, and the business around it has become increasingly sophisticated. Lockbit is one of several groups that use an affiliate model, allowing other cybercriminals to use its code and infrastructure in exchange for a cut of the profits.
The advisory cited only hard numbers from three countries, with 1,700 Lockbit-related cases reported or confirmed in the United States, 69 in France, and 15 in New Zealand. But Lockbit is responsible for much of the ransomware tracked by all seven governments, according to the advisory, which found that between 11 and 23 percent of the group’s recent ransom-seeking hacks traced back to the group.
Authorities in Germany, Canada and Australia did not immediately respond to messages seeking more information and figures. British officials declined to comment.
It makes sense to describe Lockbit as a top ransomware operator, said Brett Callow, an analyst at cybersecurity firm Emsisoft. He said the figures cited in the advisory were “probably significantly underestimated”.
Callow added that the global collaboration that went into the consultation was an encouraging sign.
“I don’t recall so many agencies working together as an advisor before,” he said. “That’s great to see.”