Lockbit3

LockBit3 is a prominent malware that has been significantly active in the cyber threat landscape. In the first half of 2023, it was reported as the most active among 48 ransomware groups, breaching over 2,200 victims. This represented a 20% increase in victims compared to the same period in 2022. The malware typically infiltrates systems through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit3 group often uses techniques such as emailing ransomware as a compressed attachment or transferring it over HTTP/S. However, despite its heightened activity in early 2023, LockBit3 experienced a significant decline in public extortion from the start of the year. By April, there was a 55% drop in its global impact, reducing its ranking from 20% to 9% among ransomware groups. But this downturn didn't last long. After a period of disruption, the LockBit3 ransomware group's activity resurged, accounting for 33% of ransomware attacks. By June 2024, Check Point Research highlighted a shift in the Ransomware-as-a-Service (RaaS) landscape. Despite LockBit3's August surge, driven by Cl0p (+Torrents), and maintaining steady numbers with 8base, ALPHV, and Akira, it was surpassed by RansomHub, which took the top spot as the most prevalent ransomware group. While LockBit3 remains a significant threat, its position in the hierarchy of ransomware groups continues to fluctify, reflecting the dynamic nature of the cyber threat environment.