ZeroFox’s LockBit Targeting Report identifies LockBit as the most active ransomware and digital extortion threat globally from 2022 to 2023, affecting nearly all industries and regions. Operating under a Ransomware-as-a-Service model, LockBit exploits VPNs, phishing, and vulnerabilities like Citrix NetScaler and Log4j. It primarily targets North America and Europe, focusing on manufacturing, construction, and retail. Despite its dominance, LockBit’s market share is declining as new ransomware groups like Akira and NoEscape emerge. LockBit affiliates employ double extortion, encryption, and evasion tactics, using tools like Cobalt Strike and PsExec to spread across networks and disable security defenses.

Join for free to read