TALES FROM THE TRENCHES: An Analysis of LockBit Ransomware

The white paper discusses a real-life example of Northwave’s incident response team dealing with a relatively new ransomware family called LockBit. We offer unique insights into a targeted LockBit attack in which various aspects are discussed.

For example, a ‘typical ransomware attack’ is described, but also the approach of the attackers is discussed. Furthermore, the recovery process is explained and how the criminal circuit advertises this type of ransomware. In addition, a technical explanation of the ransomware follows.

In conclusion, an extensive list of IOCs can be found in this whitepaper. This has been drawn up on the basis of various samples that we were able to collect during our LockBit research.