LockBit 3.0 is still the world’s most prolific encryption and extortion gang

14 August 2024

Six gangs account for more than half of the infections.

Despite a law enforcement takedown six months ago, LockBit 3.0 remains the most prolific encryption and extortion gang so far this year.

Palo Alto Networks' Unit 42 has been adding up some numbers, divided them by its shoe size, and reached the conclusion that, of the 53 ransomware groups whose underworld websites the incident response team monitored, just six accounted for more than half of the total infections observed.

Unit 42 reviewed announcements posted on these crews' dedicated leak sites during the first six months of 2024 and counted 1,762 posts, representing a 4.3 per cent year-over-year increase from 2023.

Note that the per-gang figures below compare the first half of 2024 with the full year 2023.

Over the first half of 2024, LockBit 3.0 (Flighty Scorpius) posted 325 victims on its leak site, compared to 928 in all of 2023. This was enough to land the crew at the halfway mark in the No. 1 spot.

Coming in second: the Play (Fiddling Scorpius) gang named 155 victims during 2024 H1, compared to 267 last year. This jump moved the group up from the No. 4 spot in 2023 to second place so far this year.

Meanwhile, 8base (Squalid Scorpius), a relative newcomer from last year believed to be a rebrand of Phobos, came in third during the first half of 2024 with 119 claimed victims. In 2023, the criminals claimed 188 victims, which put them in sixth position.

Akira (Howling Scorpius), dubbed the next big thing in ransomware, came in at No. 4, with 119 victims this year. In 2023, it posted 192 victims and took fifth place.

BlackBasta (Dark Scorpius), with 114 victims, was the fifth most prolific ransomware gang between January and June. It didn't even make the top six last year.

Medusa (Transforming Scorpius) allegedly infected 103 victims so far this year. It also didn't make the top six in 2023.

A couple of notable gangs absent from this year's list include ALPHV/BlackCat (Ambitious Scorpius), which came in second last year with 388 victims, and the No. 3-ranked CLOP (Chubby Scorpius), with 364 victims in 2023.

The report also notes several high-profile disruptions that happened earlier this year and late in 2023.

"Takedowns of prominent ransomware groups, forums and individuals in the first half of the year have created ripples throughout the criminal ecosystem," the report noted.

In December 2023, an FBI-led operation seized ALPHV/BlackCat's websites and released a decryption tool for its ransomware.

That didn't completely derail the crew, which roared back to life when an affiliate locked up Change Healthcare's IT systems and shut down pharmacies across the US. ALPHV pulled an exit scam shortly after the ransom was allegedly paid.

Then in February, we saw the NCA-led takedown of the LockBit 3.0 Tor site and the unmasking and sanctioning of its leader, Dmitry Khoroshev, aka LockbitSupp, a month later.

In May, international cops took control of the website and Telegram channel belonging to ransomware brokerage site BreachForums. A month later, they arrested the leader of Scattered Spider, another ALPHV affiliate.

Last modified on 14 August 2024