LockBit Threat Report – A Gridware Technical Paper


Share on facebook
Share on twitter
Share on linkedin

We are pleased to bring readers our latest detailed technical paper. This report results from the work of Gridware’s Incident Response Team on a particularly challenging and interesting case. 

Gridware’s Incident Response team was notified that a victim organisation was compromised with LockBit ransomware.

Ransom notes were left demanding payment in exchange for the decryption keys.

Gridware was engaged to carry out containment activities and conduct an investigation of the incident to assess both a) the original point of entry into the network and b) the potential for data exfiltration to have occurred.

Because the threat actor deleted all of the backups, the victim chose to pay the ransom to acquire all three decryption keys in order to recover critical data from compromised systems.

While Gridware would not recommend that the ransom is paid, in this case, the data that was lost was critical to ensuring that the victim could continue to operate and minimise the business impact.

We outline our work on this particular in detail in this technical paper – you can download it below.

Bethany Cooper

Bethany Cooper is an Incident Response Manager at Gridware Cybersecurity with a passion for cybersecurity. While still at university, she started working in Gridware’s incident response team and was dedicated to battling evil in cyberspace. After completing the SANS FOR508 course and attaining her GCFA certification, her recent research has focused on the motivations and techniques of Advanced Persistent Threat (APT) groups and malware reverse engineering.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.