HOMETHREATSlockbit3 fs
RANSOMWARE OPERATION💰 FINANCIAL

lockbit3 fs

Internal ID: lockbit3_fs

Intelligence Profile

LockBit 3.0 ("LockBit Black"), active since June 2022, is the third iteration of the LockBit RaaS platform incorporating code from BlackMatter ransomware, featuring modular encrypted payloads that evade analysis and targeting Windows and VMware ESXi environments across all sectors globally.

Threat Analysis

lockbit3 fs is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.

Financially motivated threat actors like lockbit3 fs prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Ransomware Victims (38)

CTIWATCH tracks 38 organizations claimed as victims by lockbit3 fs on its data leak site, with attack dates, sectors and countries.

View full victims list →

Quick Facts

TypeRansomware Operation
Motivation💰 financial

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.