A new analysis claims that the LockBit ransomware gang, using the LockBit 3.0 encryptor, was the most visible and destructive cybercriminal organisation of 2017.

In its annual “year in review” report, Trustwave asserts High rewards that attract experienced malicious actors, frequent buying of new vulnerabilities, and a bug bounty scheme that provides high-paying bounties reportedly helped LockBit 3.0 maintain its reputation as the most notorious ransomware player.

Trustwave predicts that because to “all these initiatives and the continuous performance of the organisation,” LockBit will continue to be the most active and effective group for the foreseeable future.

Recently released variants of ransomware

This group also released LockBit3.0, the most recent version of its ransomware, in2022. This version included several new features, including automated permission elevation, disabling Windows Defender, a “safe mode” to circumvent antivirus solutions, and a multi-encryption system that reduces the likelihood of a third party providing a working decryptor.

They conclude that LockBit was used in almost half (44%) of all successful ransomware attacks in 2017.

BlackBasta (which analysts believe has close links to former leaders, Conti), Hive (whose affiliate model won it the title “most outstanding ransomware operator”), and BlackCat were other big gangs spreading havoc throughout the cyberworld in 2022. (AKA ALPHV).

Nine percent of all ransomware assaults recorded in Q3 2022 were reportedly carried out using Hive, with another six and a half percent being attributable to BlackCat.