Executive Summary

• LockBit ransomware was previously known as ABCD ransomware and belonged to the Maze ransomware cartel, but started independent activity in September 2019 as the Maze gang announced its retirement.
• Instead of rebranding the existing name like other ransomware groups, LockBit updated its own brand to 2.0 in June 2021, and now updated to LockBit 3.0 in June 2022.
• The Beta version of LockBit 3.0 was first mentioned while recruiting web pentesters on an underground forum on March 30, 2022.
• The “Affiliate Rule” is more detailed than any other RaaS group, and as the Conti ransomware ceased operations, it is speculated there will be a shift between affiliates with LockBit.
• LockBit seems to be trying to strengthen external attacks and OPSEC by starting their own Bug Bounty Program.