(Reuters) — The United States and six other countries on Wednesday identified the digital extortion group operating under the Lockbit banner as the world’s top ransomware threat.
In a joint advisory, US, Canadian, UK, French, German, Australian and New Zealand cyber authorities said Lockbit’s ransomware, which is used to scramble victims’ data until a ransom is paid, was the most widely used by cybercriminals.
“In 2022, LockBit was the most widely deployed ransomware variant worldwide and continues to be prolific in 2023,” the advisory said, adding that the gang and its affiliates “have negatively impacted organizations, both large and small, worldwide.”;
Ransomware has been an online threat for years and the business around it has become increasingly sophisticated. Lockbit is one of several groups that use an affiliate model, effectively allowing other cybercriminals to use its code and infrastructure in exchange for a cut of the profits.
The advisory report only cited hard numbers from three countries, with 1,700 Lockbit-related incidents reported or confirmed in the US, 69 in France and 15 in New Zealand.
But Lockbit accounts for a large portion of the ransomware incidents tracked by all seven governments, according to advisory departments, which said the agencies involved attributed somewhere between 11% and 23% of all new ransomware hacks to the group.
German, Canadian and Australian officials did not immediately return messages seeking additional details and figures. British authorities declined to comment.
It makes sense to describe Lockbit as a top ransomware player, said Brett Callow, an analyst at cybersecurity firm Emsisoft. He said the numbers cited in the advisory were “likely significantly underestimated.”
Mr. Callow added that the global cooperation included in the advisory was an encouraging sign.
“I can’t remember so many agencies collaborating with an advisory before,” he said. “It’s great to see.”