LOCKBIT Ransomware

Based on our profiling analysis, the site is largely operated by east-European individuals based on sentence structure. Primary motivation is based on monetary gain and the group offers access to their encryption software (aka Malware aka Ransomware) on a paid and commission based subscription model (RaaS). The group has no political interests but CYPFER has noticed that no attacks against Russian/Ukrainian or other East-European attacks were evident.

  • LOCKBIT operators are not limiting themselves to specific attack types, but have been seen exploiting both external Internet facing assets using some of the latest exploits such as Log4j but also using brute force of remote access capabilties. Some attacks were identified using phishing techniques to establish initial foothold.
  • COMMUNICATION PROTOCOLS: LockBit communications take place primarily over the groups web-chat that is accessible through TOR. Each victim organization is provided with a unique key to access the chat-room.
  • INITIAL DEMANDS: LockBit demands on average begin around $1,600,000. This number may vary between each matter as the demands are typically based on what the threat actors believe the company can afford to pay.
  • FINAL DEMANDS: LockBit operators or affiliates have full decision control of the final amount. Discounts depend on a variety of factors including the ability to negotiate appropriately with the affiliates.
  • DURATION: Negotiation durations with LockBit are relatively quick and can run from 2 days to 6 days.

DECRYPTION: LockBit decryptor is 97% effective in decrypting files. Speed of decryption is dependant upon a number of factors including hardware capabilities and size of encrypted files.

RECOVERY and REMEDIATION: CYPFER’s post breach recovery teams have worked a number of LockBit matters, and recovery of an environment while it depends on impact, hardware capacity and available resources will typically take 14 business days.

Related Insights

View All Insights Btn-arrowIcon for btn-arrow

Your Complete Cyber Security Partner:
Every Step, Every Threat.

At CYPFER, we don’t just protect your business—we become part of it.

As an extension of your team, our sole focus is on cyber security, ensuring your peace of mind. From incident response and ransomware recovery to digital forensics and cyber risk, we integrate seamlessly with your operations. We’re with you 24×7, ready to tackle threats head-on and prevent future ones.

Choose CYPFER, and experience unmatched dedication and expertise. Trust us to keep your business secure and resilient at every turn.

Get Cyber Certainty™ Today

We’re here to keep the heartbeat of your business running, safe from the threat of cyber attacks. Wherever and whatever your circumstances.

Contact CYPFER Btn-arrowIcon for btn-arrow