Ransomware Research

LockBit Ransomware

LockBit is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2019, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: ABCD, LockBit 2.0, Lock2Bits, LuckyDay, LockBit 3.0.

Quick Facts

Ransomware Family
LockBit
First Seen
December 1, 2019
Known Aliases
ABCDLockBit 2.0Lock2BitsLuckyDayLockBit 3.0

How LockBit Ransomware Works

Targeted Files

Encrypts first 0x40000 bytes

File Encryption Patterns

LockBit modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..abcd..lockbit..lock2bits..luckyday..hVGakg14U..BBNvvvgMC

Ransom Note and Payment Demands

After encrypting files, LockBit displays ransom notes demanding payment for file recovery:

fileRestore-My-Files.txt

Ransom message:

notes/Restore-My-Files.txt

Note locations:

EveryFolder
filehVGakg14U.README.txt

Ransom message:

notes/hVGakg14U.README.txt

Note locations:

EveryFolder
fileBBNvvvgMC.README.txt

Ransom message:

notes/BBNvvvgMC.README.txt

Note locations:

EveryFolder
screenshot

Ransom message:

notes/BBNvvvgMC.png

Note locations:

Desktop
fileFile Recovery.txt

Ransom message:

notes/File Recovery.txt

Technical Indicators

Associated Executable Files

The following executable files are associated with LockBit ransomware:

  • Lockbit.bin
  • 2.exe
  • PNDlqruXJSRDXAZ.exe
  • sh1.exe
  • t6FF4.exe1
  • tau777.exe
  • lb777.exe
  • mitigation Continuity
  • lkb99.exe
  • LockBIT_172375D30BE340B4.exe
  • LockBit_A9FB6E8B06F112C4.exe
  • bit.exe
  • GeanyPortable_1.38.0.paf.exe
  • LockBit_36.exe
  • 이미지 원본(제가 제작한 이미지)과 사용하고 있으신 이미지 정리한 내용.exe

Elastio Can Help You

Don't let LockBit ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

Learn MoreRequest a Demo

About This Analysis

This LockBit ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like LockBit.

Last updated: July 30, 2025

Recent Ransomware

Explore other threats in our database

View all ransomware