Skip to main content

Ransomwhere.org

Dashboard Live Map About Feed Groups

Payments TTPs Identify News API

LIVE

Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

Live Map
Latest Victims
Groups
Payments
Identify
News

Resources

Data & Methodology
API Docs
RSS Feed
About
Privacy Policy
Terms of Service
NoMoreRansom
Ransomware.live
CISA Advisories

For informational purposes only.

© 2026 Ransomwhere.org

Groups/lockbit

// group profile

lockbit

Inactive

LockBit is one of the most prolific ransomware groups in history, operating as a full RaaS platform that at its peak accounted for an estimated 44% of all ransomware incidents globally in 2023, targeting virtually every sector worldwide through an affiliate model where developers maintain infrastructure and affiliates conduct intrusions.

5

Victims

1

Sites

Victims (5)

Live

Bangkok Airways

lockbitThailand

Accenture

Merseyrail (Rail network)

lockbitUnited Kingdom

Kopter

lockbitSwitzerland

Press Trust of India (PTI)

Known Leak Sites

lockbitkodidilol.onionDLS

Top Targeted Countries

Thailand1

United Kingdom1

Switzerland1

India1

MITRE ATT&CK

T1486Data Encrypted for Impact

Multi-threaded encryption using AES+RSA

T1490Inhibit System Recovery

Deletes shadow copies and disables recovery mode

T1489Service Stop

Stops security, database, and backup services

T1021.002SMB/Windows Admin Shares

Self-spreading via SMB

T1547.001Registry Run Keys

Establishes persistence via registry

T1562.001Disable or Modify Tools

Disables Windows Defender and EDR

Activity

Total victims5

Countries affected4

Last seenNo recent activity

Explore

Ransomware NewsRelated articles

Check DecryptorsFree tools

Payment DataRansom tracking

MITRE ATT&CKTechniques

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min