Evolution of LockBit to 3.0

Date 2022. 07. 04

Executive Summary

  • LockBit ransomware was previously known as ABCD ransomware and belonged to the Maze ransomware cartel, but started independent activity in September 2019 as the Maze gang announced its retirement.
  • Instead of rebranding the existing name like other ransomware groups, LockBit updated its own brand to 2.0 in June 2021, and now updated to LockBit 3.0 in June 2022.
  • The Beta version of LockBit 3.0 was first mentioned while recruiting web pentesters on an underground forum on March 30, 2022.
  • The “Affiliate Rule” is more detailed than any other RaaS group, and as the Conti ransomware ceased operations, it is speculated there will be a shift between affiliates with LockBit.
  • LockBit seems to be trying to strengthen external attacks and OPSEC by starting their own Bug Bounty Program.