In a recent breach of the Industrial and Commercial Bank of China (ICBC), the notorious Lockbit cybercriminal group continues its global reign of terror, targeting some of the world's largest organizations. The group, which emerged in 2020, has become the top ransomware threat worldwide, with more than 1,700 American organizations falling victim to its attacks, disrupting various sectors, including financial services, food, education, transportation, and government departments.

Lockbit was first discovered in 2020 when its malicious software surfaced on Russian-language cybercrime forums. This discovery led some security experts to speculate that the group might be based in Russia. However, the group has not expressed allegiance to any government, and no nation has officially attributed it to a state-sponsored entity. According to Lockbit's own claims on its dark web blog, they are based in the Netherlands, portraying themselves as apolitical and solely driven by financial gain.

Over the past three years, Lockbit has gained notoriety, making it a global threat. The group has achieved infamy for its disruptive attacks and data breaches, with the United States being one of its hardest-hit regions. Its victims range from financial institutions, such as banks and hedge funds, to industrial giants like Boeing. In a recent incident, Lockbit leaked sensitive data obtained from Boeing's systems, highlighting the group's audacity and capabilities.

Lockbit's primary modus operandi is to infect a target organization's systems with ransomware, encrypting valuable data. Subsequently, they coerce the victims into paying a ransom in cryptocurrency to decrypt or unlock their data. Cryptocurrency payments offer anonymity and are challenging to trace, making them an ideal choice for ransom transactions.

To combat this global ransomware scourge, a coalition of 40 countries, led by the United States, has been sharing intelligence on the cryptocurrency wallet addresses of these criminals. This collaborative effort aims to disrupt the financial aspect of ransomware operations.

On the dark web, Lockbit maintains a grim gallery of victim organizations, updating it almost daily. Alongside each victim's name, digital countdown clocks indicate the days left to meet the ransom demand. Failure to pay results in the public release of sensitive data. Some organizations choose to work with cybersecurity firms to identify leaked data and negotiate ransom amounts, keeping these discussions private, often spanning days or weeks.

However, not all victims are publicly disclosed on Lockbit's blog, as some prefer private negotiations. ICBC's US unit, which is currently recovering from the breach, was not listed on Lockbit's blog as of the latest update.

Lockbit's success hinges on its network of "affiliates"-like-minded criminal groups recruited to launch attacks using Lockbit's digital extortion tools. The group's website proudly highlights its hacking achievements and sets out a detailed set of rules for cybercriminals interested in collaboration. One of these rules advises applicants to seek endorsements from individuals already associated with Lockbit.

This web of alliances between cybercriminal groups creates challenges in tracking hacking activities and ransom attempts. Each attack can differ in tactics and techniques, complicating the efforts to combat these threats.

The rise of Lockbit serves as a stark reminder of the ever-evolving and expanding landscape of cybercrime. Governments and organizations worldwide are working diligently to bolster their cybersecurity measures, sharing intelligence and expertise to combat the relentless scourge of ransomware.