LockBit leads ransomware activity this summer, outpacing two splinter groups derived from the defunct Conti operation. Threatpost's analysis tracks LockBit's campaign volume and establishes it as the dominant threat actor in the current ransomware landscape.
LockBit's prominence reflects both operational capability and the group's evolution following disruptions to competing operations. The two Conti offshoots maintain secondary but notable attack rates, suggesting the original group's infrastructure and tactics dispersed across successor organizations rather than disappearing entirely.
Defenders should prioritize LockBit's known attack vectors: credential compromise, unpatched remote access services, and phishing campaigns targeting administrative accounts. Organizations lacking multi-factor authentication, network segmentation, and backup isolation face elevated risk. Monitoring for LockBit's characteristic double-extortion tactics—data exfiltration paired with encryption—provides early detection opportunities. Incident response teams should prepare for negotiations that account for this group's known ransom demands and public leak site operations.
The activity surge underscores ransomware's sustained profitability as a criminal business model. Groups consolidate, rebrand, and emerge under new names while maintaining operational continuity.
