Canada and six other countries on Wednesday identified the digital extortion gang operating under the “Lockbit” banner as the world’s top ransomware threat.
In a joint advisory, U.S., Canadian, British, French, German, Australian and New Zealand cyber authorities said Lockbit’s extortion software, used to scramble victims’ data until a ransom is paid, was the most broadly used by cybercriminals.
“In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023,” the advisory said, adding that the gang and its affiliates “have negatively impacted organizations, both large and small, across the world.”
Ransomware has been an online threat for years and the business around it has become increasingly sophisticated. Lockbit is one of several groups that uses an affiliate model, effectively letting other cybercriminals use its code and infrastructure in return for a cut of the profits.
The advisory only cited hard figures from three countries, with 1,700, Lockbit-related incidents reported or confirmed in the United States, 69 in France and 15 in New Zealand. But Lockbit accounts for a big chunk of the ransomware incidents tracked by all seven governments, according to advisory, which said the agencies involved attributed somewhere between 11 to 23 per cent of all recent ransom-seeking hacks to the group.
German, Canadian and Australian officials did not immediately return messages seeking further details and figures. British authorities declined to comment.
It makes sense to describe Lockbit as a top ransomware actor, said Brett Callow, an analyst with cybersecurity company Emsisoft. He said the figures cited in the advisory were “likely significantly understated.”
Callow added that the global cooperation that went into the advisory was an encouraging sign.
“I don’t recall so many agencies collaborating on an advisory before,” he said. “It’s great to see.”
(Reporting by Raphael Satter; additonal reporting by James Pearson in London; Editing by David Gregorio)