// THREAT ACTOR
LOCKBIT_
DormantLockBit is one of the longest-running and most prolific ransomware-as-a-service operations in the world, originally launched in 2019. The brand has gone through several iterations — LockBit 2.0, LockBit 3.0 ("Black"), and a relaunched LockBit 5.0 — and recruits affiliates who deploy its file-encrypting malware against hospitals, manufacturers, governments, and Fortune 500 enterprises in exchange for a cut of the ransom. International law-enforcement disrupted core LockBit infrastructure during 2024’s Operation Cronos, but successor branding has continued to claim victims.
For Ransomnews editorial coverage of LOCKBIT — incident write-ups, attribution notes, and additional context — see the Threat Groups archive or run a site search.
Leak site mirrors
2 mirrors tracked, 0 currently reachable. These are criminal-infrastructure URLs — links are deliberately not provided.
-
lockbitkodidilol.onion -
lockbitks2tvnmwk.onionsnapshot · 2024-12-12 12:09