LockBit
Prolific ransomware-as-a-service operation that became the most deployed ransomware globally from 2022 to 2024. Disrupted by law enforcement Operation Cronos in February 2024 but resumed operations shortly after.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 LowAttribution signals
9 mentions · 2 sources"The attack was attributed to the LockBit ransomware group, which not only stole the information but also encrypted it, demanding a ransom."
"law enforcement from 10 countries (including Australia) successfully disrupted the criminal operation of the LockBit ransomware group and uncovered that Lockbit did not routinely delete stolen data once a ransom was paid"
"Based on several clues, the threat actors behind the attacks are suspected to be using the previously leaked LockBit 3.0 builder."
"one possibility is that the threat group behind this incident was using the LockBit builder that had previously been leaked in 2022."
"The LockBit group hit another Foxconn facility in Mexico in May 2022 and disrupted production."
"Brazil = #2 target country in Q1 2026 (8.6% of victims)"
"Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology in 2024 with defacements and data breach claims."
"In some incidents, threat actors have used the compromised Bomgar instances to deploy the LockBit ransomware."
"Brazil bearing the brunt of an extensive and unequal increase in global cyber threat activity"
Hedge terms observed