Recent research by Trellix Advanced Research Center indicates that the LockBit ransomware group heavily targeted China and the US from December 2024 to April 2025, impacting 156 organizations. LockBit's strategy differs from other ransomware as it actively engages with Chinese targets and shifts focus among affiliates in the US. Manufacturing and consumer services sectors were the most affected. Taiwanese organizations also faced significant threats, highlighting LockBit's sophisticated navigation of regulatory environments and willingness to engage in politically-sensitive operations.
"Unlike BlackBasta and Conti RaaS groups that occasionally probe Chinese targets without encrypting them, LockBit appears willing to operate within Chinese borders and disregard potential political consequences, marking an interesting divergence in their approach."
"The victimology data reveals some unexpected targeting patterns. It's particularly surprising to see such a concentrated effort on Chinese and Taiwanese organizations."
"Unlike other ransomware groups that might shy away from such politically sensitive targets, LockBit appears to have operated with a different calculus."
Collection
[
|
...
]