The first activities attributed to Lockbit were recorded in September 2019, Ransomware became popular in 2021 thanks to the development of the LockBit 2.0 RaaS.

The Ransomware was used in attacks on more than 2,000 companies worldwide.

Lockbit uses the double extortion technique, in addition to that for data they require an additional ransom for non-disclosure of sensitive data.

LockBit affiliates (or Operators) often perform Brute-Force activities to gain RDP or VPN access to Companies, often purchase credentials in criminal marketplaces or use Phishing techniques to compromise victims’ accounts.

This ransomware uses AES algorithm in CBC mode to encrypt victims’ data.



Alias: –

The Conti criminal group develops and maintains the RaaS (Ransomware-as-a-Service) service, the first samples of which date back to 2019.

This is a highly efficient, multi-threaded ransomware used in targeted operations against large businesses. The name derives from the “.CONTI” format in which files encrypted via AES-256 and RSA-4096 are saved.

Initial access to infrastructure is often achieved through malware such as EMOTET, TRICKBOT and COBALT STRIKE, or through RDP and VPN credential theft.




Hive is the name of the group that develops and maintains the Hive RaaS service, born in 2021. The affiliates, to compromise the victim infrastructures, exploit various techniques based on the initial compromise via Phishing and Malware.

Hive uses the double extortion technique, in addition to the ransom for the data, it requests an additional ransom for the non-disclosure of sensitive data.