Lockbit | RaaS

LockBit is one of the most prolific ransomware groups in history, operating as a full RaaS platform that at its peak accounted for an estimated 44% of all ransomware incidents globally in 2023, targeting virtually every sector worldwide through an affiliate model where developers maintain infrastructure and affiliates conduct intrusions.

  • Victims: 5
  • First discovered victim: 2020-10-21
  • Last discovered victim: 2021-08-23
  • Inactive since: more than 4yrs
  • Avg delay (attack→claim): N/A
  • Infostealer (victims with domain): N/A
  • Countries hit: 4

Known Locations (1)
| Title | Type | Available | Last Visit | Server Info | FQDN |
|---|---|---|---|---|---|
| | | No | 2026-05-13T19:07:17 | | lockbitkodidilol.onion |

Target
Top 5 Activity Sectors
  • Transportation/Logistics 2
  • Technology 2
  • Manufacturing 1
Top 5 Countries
  • Thailand (TH) 1
  • United Kingdom (GB) 1
  • Switzerland (CH) 1
  • India (IN) 1

Vulnerabilities Exploited (8)
This information is provided by Ransomware-Vulnerability-Matrix
| Vendor | Product | CVE | Source |
|---|---|---|---|
| Apache | Log4j | CVE-2021-44228 | cisa.gov |
| Citrix | NetScaler ADC & Gateway | CVE-2023-4966 | doublepulsar.com |
| Fortinet | FortiOS | CVE-2018-13379 | cisa.gov |
| Fortra | GoAnywhere Managed File Transfer | CVE-2023-0669 | cisa.gov |
| F5 | iControl REST | CVE-2021-22986 | cisa.gov |
| PaperCut | PaperCut Application Server | CVE-2023-27350, CVE-2023-27351 | twitter.com/MsftSecIntel |
| Windows | NetLogon | CVE-2020-1472 | cisa.gov |
| Windows | Remote Desktop Services | CVE-2019-0708 | cisa.gov |

TTPs Matrix (11)
This information is provided by Crocodyli & Ransomware.live
  • Initial Access: Valid Accounts; Exploit Public-Facing Application; Phishing
  • Execution: Windows Management Instrumentation; Scheduled Task/Job: Scheduled Task; Command and Scripting Interpreter: PowerShell
  • Persistence: Boot or Logon Autostart Execution: Registry Run Keys
  • Defense Evasion: Obfuscated Files or Information; Indicator Removal: Clear Windows Event Logs; Disable or Modify Tools
  • Credential Access: OS Credential Dumping: LSASS Memory; Brute Force
  • Discovery: Network Service Discovery; Domain Trust Discovery
  • Lateral Movement: Remote Services: Remote Desktop Protocol; Remote Services: SMB/Windows Admin Shares; Exploitation of Remote Services
  • Collection: Archive Collected Data: Archive via Utility
  • Exfiltration: Exfiltration Over Alternative Protocol; Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • Command and Control: Proxy: Multi-hop Proxy; Remote Access Software
  • Impact: Data Encrypted for Impact; Service Stop; Inhibit System Recovery

Victims (5)
  • Discovered: 2021-08-23 (4y ago)
  • Discovered: 2021-07-30 (4y ago)
  • Discovered: 2021-04-01 (5y ago)
  • Discovered: 2020-11-30 (5y ago)
  • Discovered: 2020-10-21 (5y ago)