LockBit remains most dangerous ransomware despite fall in attacks

Abstract Technology Binary Code Dark Red Background
(Image credit: Getty Images)

Ransomware attacks by LockBit represent a shrinking proportion of global ransomware and digital extortion (R&DE) attacks in 2023, according to new research, but still represent the most significant threat to organizations in the UK.

Analysis shows that the group is still the primary R&DE threat to all industries globally regardless of location, according to ZeroFox. 

But when compared to the total number of R&DE attacks recorded in 2023, LockBit’s share of global attacks is shown to be decreasing, which ZeroFox attributes to new threat collectives adopting alternative or homemade ransomware strains.

The research found LockBit attacks accounted for just under 30% of global RD&E attacks in the first quarter of 2023, and this fell to around 15% by Q3.

UK-specific data recorded by ZeroFox shows LockBit still poses a significant threat to organizations in the UK, but this is also expected to give way to alternative ransomware strains over the coming year.

Based on a quarterly average over the period from January 2022 to November 2023, LockBit accounted for approximately 20% of all attacks against UK-based organizations.

The most frequently targeted industries in the UK were manufacturing, retail, professional services, and legal & consulting.

The percentage of global LockBit-specific attacks that targeted UK businesses was below the proportion of all incidents targeting the UK, further highlighting the diverse array of cyber criminal groups targeting organizations across the country.

Despite this, the UK’s share of global LockBit attacks has been on the rise throughout 2023, from 3.5% in the first quarter to 7.9% in Q4 (using data as of November 30 2023).

Compared to the rest of Europe, the UK does appear to be receiving an inflated number of LockBit-based attacks, according to the report, suggesting the group is specifically targeting UK organizations.


2023 ThreatLabz state of ransomware report

(Image credit: Zscaler)

Learn about what will shape future ransomware defense strategies


“LockBit’s Europe-focused targeting has decreased, whereas its attacks against the UK have remained broadly consistent — meaning UK organizations represent an increasing proportion of LockBit’s Europe-focused targeting,” the report said.

“Diversification of the R&DE threat landscape is driving LockBit to account for an increasingly smaller proportion of total R&DE against the UK.

“Despite the frequency of LockBit attacks against the region remaining high, other groups — including newly formed, highly prolific collectives — are demonstrating an even greater focus on targets in the country”.

LockBit still a pervasive threat globally

North America was subjected to the lion’s share of LockBit attacks, ZeroFox analysis shows, with an average of 40% of LockBit victims being located in the region. 

The firm said it expects this proportion to reach nearly 50% by the end of 2023.

Like the UK, however, LockBit’s market share of R&DE attacks within North America is shrinking. The report reveals the proportion of R&DE attacks targeting organizations in NA has decreased from around 25% in Q1 2023 to just over 10% in Q3.

In Europe, LockBit attacks are also overrepresented in terms of the percentage of total RD&E attacks, ZeroFox said. Europe received roughly 29% of all LockBit attacks recorded in 2023 despite only receiving an average of 26.5% of all R&DE attacks globally.

ZeroFox forecast the downward trajectory of LockBit’s share of European ransomware attacks to continue.

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.