Posted March 8, 2023

Cyber Security: LockBit Carries Out Record Number of Ransomware Attacks

Report shows notorious Russian-linked ransomware gang superseded its own record in February 2023.

The Notorious LockBit ransomware group has broken its cyberattack record, carrying out 101 attacks in one month, according to research by NordLocker. In February 2023, the most active ransomware group superseded its own record and carried out the most monthly attacks since its inception in 2019. As expected, the main target was US companies.

What is LockBit?

LockBit is the most active ransomware group and carries out most attacks globally. The NordLocker report says the group has carried out more than 1,300 attacks since January 2020, but the most attacks by month occurred in February 2023. The group has doubled its monthly attack record compared to previous months.

The LockBit ransomware group first appeared in September 2019, and since 2021 has quickly become one of the most notorious cyberattack groups in the world. While the exact origins of the ransomware group are not known, it has alleged links to Russia.

In just a few months, the group managed to increase its attacks to an average of 60 per month in 2022. In comparison, the second most active group, AlphaVM (Blackcat), carries out an average of 16 attacks per month, which is more than four times fewer than LockBit. Last year, The Federal Bureau of Investigation (FBI) released several warnings about this group and was investigating their activities.

LockBit targets

The majority of victims are private and public US companies.

Last year, the primary targets were companies in the construction, finance, and technology industries. However, experts have noticed LockBit’s shift to targeting companies in real estate.

“Although some industries are more lucrative for ransomware gangs, no company is completely safe from these ransomware attacks, regardless of their size or industry. In fact, just recently, the Canadian book and music retailer Indigo fell victim to LockBit but refused to pay the group’s ransom,” says Darius Borisas, head of business development for NordLocker.

How can businesses protect themselves from ransomware attacks?

Darius Borisas explains that by definition, ransomware is a type of malware that restricts users’ access to their files and demands payment. But how it does that, what kind of payment is requested, and what is encrypted differ greatly. Therefore, business owners are advised to consider implementing best practices for how to keeping their business protected from ransomware. However, the best actions to start with are the following:

● Encourage proper file hygiene, encryption, and backups. File hygiene and backups can't stop cyberattacks, but they give the company leverage. Even if a company becomes a target for ransomware, the ability to restore data immediately will guarantee business continuity. And if the company keeps the files encrypted, the information will be unreadable to hackers.

● Encourage cybersecurity training. Investing in your employee’s knowledge is the most cost-effective way to protect your organization from ransomware because 82% of cyberattacks happen due to human error. It should be organized regularly and have a holistic approach that includes every employee.

● Keep software up to date. Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilizing outdated software. Make sure everyone at the company understands how important it is to keep software up to date.

● Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.

Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between 01/01/2020 to 28/02/2023.


NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance, and data collection. For more information: