In recent years, ransomware attacks have risen due to their advanced techniques and ability to evade security measures. Lock bit You must have heard about it, if not it’s something you must know and be aware of, it is the world’s most active ransomware group. According to a survey 40% of ransomware infections worldwide. Lock bit is another type of ransomware that attackers use in a sophisticated manner, such as double extortion, where attackers threaten the victim to release some sensitive information unless the ransom is paid   In this blog, we will understand what Lock bit is and how can you protect yourself from such attacks.

History of Lock Bit

Lock Bit has been in operation Since September 2019, and since then, it has been responsible for high-profile attacks against businesses and organisations around the world. Some high-profile victims of these groups are the UK’s Royal Mail and Canadian Hospital, various organisations in the USA, China, Indonesia, and India as well.  The demand for ransom depends on the size and complexity of the victim’s network, ransom demand can be millions of dollars or in cryptocurrency. The attackers behind Lock Bit are believed to be a well-organized and highly skilled group operating out of Russia or Eastern Europe.

Lock Bit is the latest in a long series of extortion hacks. It was previously known as “ABCD” ransomware, but it has now evolved into a distinct danger within the realm of these extortion tools. Lock Bit is a type of ransomware classified as a ‘crypto virus’ since it bases its ransom requests on financial payments in exchange for decryption. It primarily targets businesses and government agencies rather than people.

Recently the organisation has used its malware to attack MacOS users, and the attack has been carried out on other platforms as well.

Modus Operandi of Attackers: Lock Bit ransomware is a type of malicious software that is aimed to prevent users from accessing computer systems in exchange for a ransom payment. LockBit will automatically scan a network for lucrative targets, transmit the virus, and encrypt any network-accessible computer systems. This malware is used to launch highly targeted assaults on businesses and other organisations. Lock Bit attackers have built a name for themselves as self-piloted cyber attackers, attacking organisations all around the world with the following threats:

Operations are disrupted, with critical functions grinding to a standstill.

Extortion for the benefit of the hacker’s financial gain.

If the victim does not cooperate, data theft and unlawful publishing are used as blackmail.

How does Lock Bit ransomware work?

LockBit attacks can deploy in three stages:

  • Exploit
  • Infiltrate
  • Deploy

Stage 1: Find and exploit network flaws. The first breach appears to be similar to earlier harmful operations. Social engineering strategies such as phishing, in which attackers mimic trusted persons or authority to get access credentials, may be used against an organisation. Attempts to use brute force on an organisation’s intranet servers and network systems are another possibility. If the network is not appropriately set up, attack probes may only take a few days to complete.

Lock Bit Once get access to the network, it gets easy to encrypt the other systems/devices as well. An attacker, on the other hand, may need to complete a few more stages before making their end move.


Stage 2: Infiltrate deeper: If necessary, finish the assault preparation. From this point on, the LockBit program oversees all activities. It aims to use “post-exploitation” to escalate privileges and gain attack-ready access. It also roots through access already available via lateral movement to determine target viability.

LockBit will take all required safeguards before delivering the ransomware’s encryption portion. This includes turning off security programs and any other infrastructure that would allow for system recovery, The purpose of infiltration is to make unaided recovery impossible, and paying the attacker’s ransom is the only viable option when the victim is anxious to reclaim operations.

Deploy the encrypted payload in Stage 3: Once the network has been properly prepared for LockBit, the ransomware will begin infecting any system it can reach. As previously stated, LockBit is not required to complete this step. A single system unit with elevated access can send orders to other network units to download and run LockBit.The encryption component will “lock” all system files. To unlock victims’ gadgets, only a specific key generated by LockBit’s proprietary decryption program may be used. Furthermore, duplicates of a basic ransom note text file are placed in each system folder, It shows the victim how to restore their system and, in some LockBit versions, includes blackmail threats.

How to protect against Lock Bit ransomware?

In the end, you’ll need to put in place safeguards to ensure that you and your organisation are robust against any ransomware or malicious assaults from the start. Here are several practices to help you prepare:

  1. Unique Passwords: Many account breaches occur due to basic passwords that an algorithm tool may uncover within a few days of probing. Make sure you use strong passwords, such as lengthier ones with character variations, and utilise self-created guidelines to form them.
  2. Set on multi-factor authentication (MFA): By adding layers on top of your basic password-based logins, you can deter brute-force assaults. When feasible, include features such as biometrics or physical USB key authenticators on all your systems.
  3. Review User Accounts: Limit permissions to more stringent levels to avoid possible dangers. Pay close attention to those accessed by endpoint users, and IT accounts with administrative privileges. Security should be implemented for online domains, collaboration platforms, web meeting services, and company databases.
  4. Backups maintained Regularly: Always have system backups and clean local machine images on hand. Incidents will occur, and an offline backup is the only reliable insurance against irreversible data loss. Your organisation should regularly create backups to keep up with significant system changes. If a backup becomes contaminated with malware, consider having numerous rotating backup locations with the ability to set up a clean period.
  5. Cyber Security Strategy: Ensure your organisation has a thorough cyber security strategy. While LockBit may attempt to disable defences once inside a unit, business cyber security protection software will assist you in tracking file downloads throughout the whole organisation with real-time protection.



With the advancement in technology, the mode of committing crimes has also changed. The emergence of Lockbit has been an awaking call for individuals and organisations to focus more on Cybersecurity and the best practices implemented in the market, keep regular backups, and be updated. As ransomware evolves, it’s essential to stay vigilant and cyber-safe.



Author : Tanushree Saxena, Trainer, CyberPeace

Leave a Reply

About Cyber Peace Corps

Address: B-55 MIG, Ranchi Jharkhand, India
Phone: (+91) 82350 58865
Email[email protected]