Over the last five days, LockBit has added more than 150 victims to its data leak site, with just over 100 of these coming through in the last 48 hours. In the same week as LockBit’s alleged leader, Dmitry Yuryevich Khoroshev, was named by law enforcement and hit with his own $10 million ransom, is this LockBit biting back?
At the time of writing, LockBit has uploaded 152 victims to its data leak since Monday 6. Comparitech researchers have been through each of these attacks to analyze what industries and countries have been targeted and how many of these victims have appeared on LockBit’s data leak site before.
LockBit adds over 110 unique new victims (unconfirmed)
After filtering through all of the new victims, we found just over 110 unique new victims from LockBit. The remainder are duplicated victims from LockBit (either unconfirmed or confirmed).
Most of these (109) victims remain unconfirmed with several being claims on recently confirmed attacks. The latter includes Kings Academy in the UK and Ayuntamiento de Torre Pacheco in Spain – both of which confirmed cyber attacks in March of this year. This week, LockBit also claimed the ongoing attack on the City of Wichita.
Of the 109 new unconfirmed victims, 29 (27 percent) were for US companies. India was the second most targeted with 10 new claims. This was followed by Spain with seven new claims, France and Canada with six, and the UK and Germany with five.
Manufacturing companies were the hardest hit (21 claims) accounting for 19 percent of all victims. This was closely followed by the service industry with 20 new victims.
Over 1,100 victims in less than 13 months
According to our data, LockBit has racked up more than 1,100 alleged victims since April 2023. We have logged 947 unconfirmed attacks since April 2023 and 172 confirmed attacks.
During this time LockBit’s average ransom has been just over $4.9 million. This is helped in part by the astronomical demands on CDW Government LLC ($80 million), Kinmax Technology ($70 million), and Boeing’s recently revealed demand of $200 million.
LockBit is also responsible for the breach of at least 1.3 million records during this time.
So far this year, we have tracked 31 confirmed attacks from LockBit and 325 unconfirmed attacks. With such a huge number of attacks coming through over the last week, however, it’s anyone’s guess as to how these figures could change over the coming days/weeks.
Who is LockBit?
LockBit is one of the most prolific ransomware gangs of recent years after first appearing in 2019.
It is believed the group is based in Russia. Often, LockBit will operate a double-extortion model whereby a ransom is demanded to decrypt systems and delete any stolen data.