Quick Links
In recent years, LockBit has been one of the most notorious ransomware gangs, extorting hundreds of millions of dollars and laying waste to enormous amounts of data in the process.
But now, combined law enforcement efforts have significantly disrupted LockBit’s infrastructure, taking down its website and uncovering its affiliate network and cryptocurrency holdings. Unfortunately, that doesn’t mean ransomware is taking a break, as there are heaps of other ransomware types waiting to fill the void.
What Is LockBit Ransomware?
Ransomware is one of the worst types of malware, locking down your machine and demanding payment to release your data unscathed.
LockBit is a criminal group that manages, operates, and distributes ransomware by the same name. LockBit ransomware is notorious and has hit tens of thousands of businesses, organizations, and regular folks worldwide, potentially earning billions of dollars in the process.
LockBit is particularly dangerous as it self-propagates—that is, it can spread on its own, which makes it almost unique among ransomware types. Because of this, stopping a LockBit ransomware attack is extremely difficult, as the ransomware can identify other vulnerable targets without any human interaction.
Furthermore, the LockBit group regularly releases updates for its ransomware, adding new features and tweaking its functionality, responding to threats against its efficacy.LockBit 3.0 was the last major update, launched in June 2022.
What Happened to LockBit?
On August 13, 2025, law enforcement agencies, including the FBI, the UK’s National Crime Agency, and Europol, revealed that a combined operation had severely disrupted LockBit’s organization.
“Operation Cronos” locked LockBit’s owners and affiliates (yes, LockBit had an affiliate network using its ransomware and paying a percentage to the developers, using aransomware as a service model) out of its own network, taking down some 11,000 domains and servers in the process. Two LockBit developers were also arrested, while other LockBit affiliate users have also been arrested as part of the same operation.
According toCISA, LockBit attacks made up more than 15 percent of all ransomware attacks across the US, UK, Canada, Australia, and New Zealand in 2022, which is a phenomenal figure. But with LockBit’s primary administration account and platform under the control of the authorities, its ability to launch and control its network has been effectively wiped out.
When Will LockBit Decryption Tools Become Available?
Moving fast, some of the organizations involved in the LockBit takedown have already begun releasing LockBit decryption tools and providing LockBit decryption keys for victims.
There is no guarantee that you’ll successfully recover files encrypted with LockBit, but it’s absolutely worth a try, especially as LockBit didn’t always send the correct decryption key, even after receiving a ransom payment.
5 Types of Ransomware That Will Replace LockBit
LockBit was responsible for an enormous amount of ransomware, but it’s far from the only ransomware group in operation. LockBit’s demise is likely to create a short-lived vacuum for other ransomware groups to move into. With that in mind, here are five different types of ransomware to keep watch for:
Malwarebytes researchshows that while LockBit was one of the most prolific types of ransomware, the top ten ransomware organizations are responsible for 70 percent of all ransomware attacks. So, even without LockBit, ransomware is absolutely waiting in the wings.
Is LockBit Ransomware Completely Done?
As amazing as the news of LockBit’s demise is, no, LockBit ransomware isn’t completely in the ground.Ars Technicareports new LockBit attacks days after the takedown, and that’s for a couple of reasons.
One, although LockBit’s infrastructure was taken down, that doesn’t mean the ransomware code doesn’t exist. A version of LockBit’s source code was leaked in 2022, and it could be that leading to the new attacks. Furthermore, LockBit had an enormous network spanning numerous countries. While its base of operations was focused in Russia, an organization of this size and sophistication definitely has backups and methods for getting back online, even if it takes a little while to rebuild.
Without doubt, we have not seen the last of LockBit ransomware.
