What is LockBit?

06.07.22
By: BreachQuest

Ransomware Prevention

Formerly known as “ABCD ransomware,” LockBit is ransomware that demands payment in exchange for decrypting files. It primarily targets medium to large enterprises and government organizations rather than individuals, and the ransom amount is typically based on the size of the organization. The group was recently in the news for claiming to have hacked Mandiant, a cybersecurity firm that had recently published a research paper on the ransomware group.

LockBit was first seen in September 2019, when it was known as the “.abcd virus”. It got this name from the file extension it used when encrypting a victim’s files. Over the years, it has become known as LockBit, LockBit 2.0, and most recently, LockBit 3.0.

LockBit functions as ransomware-as-a-service (RaaS). Ransom payments are shared between their development team and the threat actors.

How does LockBit work?

LockBit is used in targeted attacks. Once on a network, it is self-spreading, using tools such as Windows PowerShell and Windows Server Message Block (SMB). Its most notable feature is the ability to spread without manual intervention, which differentiates it from other ransomware attacks that require an extensive manual recon and surveillance period.

After a single host has been infected manually, it is able to find other hosts and spread the infection using a script without human intervention.

With LockBit 2.0, the group developed Linux-based malware that takes advantage of vulnerabilities within VMware ESXi virtual machines.

In June 2022, the LockBit group announced a second rebrand of its affiliate program, introducing it as LockBit 3.0. Following the discovery of critical bugs in LockBit 2.0 in March 2022, the new version introduces features such as an instant search tool on the leak site and acceptance of Zcash for payments in addition to Monero and Bitcoin. LockBit 3.0 (also referred to as “LockBit Black”) is now active in the wild, encrypting files on victim machines and appending the extension “HLJkNskOq” to them.
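A defender-side illustration of the extension and self-spreading behaviour described above, added here and not taken from BreachQuest or any vendor tooling: it scans file-creation events for the extensions this article names, flags hosts where several appear in a short burst, and orders those hosts by time to show the spread. The event format, host names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions named in the article: the original ".abcd" and LockBit 3.0's "HLJkNskOq".
LOCKBIT_EXTENSIONS = {".abcd", ".hljknskoq"}

# Constructed file-creation events, "timestamp host path" (assumed format, not real telemetry).
SAMPLE_EVENTS = r"""
2022-06-07T10:00:01 FS01 C:\Share\q1.xlsx.HLJkNskOq
2022-06-07T10:00:03 FS01 C:\Share\q2.xlsx.HLJkNskOq
2022-06-07T10:00:04 FS01 C:\Share\My Docs\plan.docx.HLJkNskOq
2022-06-07T10:00:30 WS09 C:\Users\bob\notes.abcd
2022-06-07T10:01:10 WS09 C:\Users\bob\report.docx
2022-06-07T10:02:05 WS07 D:\data\a.pdf.HLJkNskOq
2022-06-07T10:02:06 WS07 D:\data\b.pdf.HLJkNskOq
2022-06-07T10:02:09 WS07 D:\data\c.pdf.HLJkNskOq
"""

def parse_events(text):
    """Parse 'timestamp host path' lines; paths may contain spaces."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) == 3:  # skip blank or malformed lines
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return events

def is_lockbit_named(path):
    """True if the file name's final extension is one of the listed extensions."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return "." in name and "." + name.rsplit(".", 1)[-1].lower() in LOCKBIT_EXTENSIONS

def flag_hosts(events, threshold=3, window=timedelta(seconds=60)):
    """Return {host: start of first burst}; threshold and window are assumed values."""
    hits = defaultdict(list)
    for ts, host, path in sorted(events):
        if is_lockbit_named(path):
            hits[host].append(ts)
    flagged = {}
    for host, times in hits.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[host] = times[i]
                break
    return flagged

def spread_order(flagged):
    """Hosts ordered by first burst time: the order in which encryption reached them."""
    return [host for host, _ in sorted(flagged.items(), key=lambda kv: kv[1])]
```

A single matching file (host WS09 in the sample) does not trigger a flag; only a burst does, which keeps one unrelated file with a listed extension from raising an alert.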

How to defend against LockBit?

LockBit is a sophisticated form of ransomware that uses state-of-the-art techniques to perform its ransomware operations. Their victims range across various sizes and types of enterprises. Some cybersecurity best practices can create the first line of defense against these threat actors:

  • Use strong passwords and enforce multi-factor authentication wherever possible.
  • Turn on automatic software and patch update features on your computer, mobile, and other connected devices.
  • Use an EDR, MDR, or XDR security software package on your network-connected devices.
  • Educate employees not to open untrusted links and email attachments without verifying their authenticity.
  • Conduct regular backups and keep those backups offline or in a separate network.
  • Perform periodic restore exercises to guarantee the viability of your recovery plans.