LockBit Ransomware is an emerging threat and growing stronger day by day. It is following the footsteps of REvil and Maze Ransomware by threatening to publicize the user data if the ransom demand is not fulfilled. LockBit does not target user in Russia and CIS (Commonwealth of Independent States) countries.
LockBit leverages a very similar service-list to MedusaLocker Ransomware. It comes as no surprise that crooks copy these lists, so they don’t have to reinvent the wheel. The unique Registry run key and ransom note filename that was written by LockBit XO1XADpO01 and Restore-My-Files.txt were also seen being used by Phobos, and by a Phobos imposter ransomware. This would suggest that there is a connection between these families.