LockBit leads ransomware activity this summer, outpacing two splinter groups derived from the defunct Conti operation. Threatpost's analysis identifies LockBit as the dominant threat actor in current ransomware campaigns, followed by Conti offshoots that maintain operational capacity despite the parent group's takedown.
Defenders tracking ransomware trends should monitor LockBit's evolving attack chains and the Conti successor groups' infrastructure. LockBit continues leveraging double-extortion tactics, combining encryption with data theft to pressure victims into paying ransoms. The Conti splinters operate under different names but retain access to similar toolkits and victim networks.
Organizations should prioritize network segmentation, endpoint detection and response deployment, and offline backup strategies. Incident responders need current intelligence on LockBit's command-and-control infrastructure and Conti spinoff operational patterns to accelerate containment. Threat intelligence feeds tracking these groups' leak sites and ransom demands provide early warning of active campaigns targeting specific sectors.