LockBit is a cybercriminal group that operates a ransomware-as-a-service (RaaS) model, first appearing on a Russian-language cybercrime forum in January 2020. The group develops ransomware that encrypts victims' data and threatens to leak it publicly if ransoms are not paid. It was the most prolific ransomware in 2022, responsible for 44% of global ransomware incidents in early 2023. Despite law enforcement takedowns in 2024 and 2025, the group has attempted to continue operations.
CRIMENET has extracted 5 linkages for this organization, including 2 cooperative ties across 2 organizations, 2 conflicts across 2 organizations, 1 other connections and footprints in 10 countries.
In September 2022, the group's hackers claimed cyberattacks against 28 organizations, 12 of which involved French organizations. Among them, the Corbeil Essonnes hospital was targeted...
On its site on the dark web, LockBit stated that it was 'located in the Netherlands, completely apolitical and only interested in money'.
In October 2022, the LockBit group claimed responsibility for an attack on Pendragon PLC, a group of automotive retailers in the UK...
In the United States between January 2020 and May 2023, LockBit was used in approximately 1,700 ransomware attacks...