LockBit Ransomware Group | Binary Response Threat Intelligence

Key Facts

Also Known As:

LockBit 3.0, LockBit Black

Ransomware Family:

LockBit

Primary Targets:

Enterprise networks, Critical infrastructure

Common Ransom Demands:

Typically $1M+

File Extension:

.lockbit extension

Leak Site:

lockbitapt[.]onion

Defense Recommendations

Patch VPN and remote access systems regularly
Implement multi-factor authentication (MFA)
Regular security awareness training
Network segmentation
Backup and disaster recovery testing
Endpoint detection and response (EDR)

Related Resources

Back to Threat Intel Hub Incident Response Dark Web Monitoring Contact Our Team

Group Overview

One of the most prolific ransomware groups operating a RaaS model with affiliates worldwide.

Notable Attacks

Royal Mail
Boeing
ICBC

Tactics, Techniques & Procedures (TTPs)

Initial Access

Double extortion
Ransomware-as-a-Service

Encryption & Impact

.lockbit extension, custom Salsa20 algorithm

Data Exfiltration

This group employs double extortion tactics, stealing data before encryption and threatening to publish it on their leak site if ransom demands are not met.

Recent Activity

Based on our dark web monitoring, LockBit remains actively targeting organizations worldwide. Recent victimology shows a focus on enterprise networks sectors.

Current Threat Level: HIGH

This group is currently active and poses a significant threat to organizations in their target sectors.

How Binary Response Can Help

If you suspect a LockBit ransomware infection in your network:

Immediate Containment

Our incident response team can help isolate the infection and prevent further spread.

Forensic Investigation

We'll determine the initial access vector and scope of the compromise.

Negotiation & Recovery

Our experienced negotiators can engage with the threat actors if appropriate.

Need Immediate Assistance?

Our 24/7 incident response team is ready to help.

Call Now: +44 800 112 3456 Learn About IR Retainers