After dominating for eight months, LockBit has been overtaken by ransomware gang Play in the wake of a law enforcement crackdown and unmasking of LockBit’s alleged creator. Credit: Zephyr_p / Shutterstock Well-known ransomware gang LockBit has been usurped as the world’s top ransomware gang, according to a recent report from NCC Group. For the past eight months, LockBit has led the world in ransomware attacks. But the group had its assets seized in February in connection with a crackdown by The National Crime Agency of the UK, working in conjunction with the FBI and international law enforcement, known as “Operation Chronos.” LockBit ransomware-as-a-service (RaaS) was launched in 2019, and by 2022, it was vying with Russia-backed Conti for the top ransomware group. Conti’s disintegration into smaller groups led the way for LockBit to take the top slot, selling access to its ransomware to third-party cybercriminal groups, with a commission scheme for money received as ransom from attacks. Two weeks ago, the UK National Crime Agency and the US Department of Justice announced unmasked the Russian national alleged to be the creator and administrator of the LockBit ransomware program. Now, cybersecurity company NCC Group reports that for the first time in eight months, LockBit has also been overtaken by Play as the world’s top ransomware gang, with 32 attacks in April compared to LockBit’s 23 attacks. [ For a look at the latest emerging ransomware groups filling the void, see “Emerging ransomware groups on the rise: Who they are, how they operate.” ] According to NCC Group, the amount of ransomware activity has also decreased by 15% during April compared to March. Compared to April last year, however, the number of ransomware attacks during the month increased by 1%. NCC Group writes that the police crackdown on LockBit probably contributed greatly to the leveling off of ransomware attacks of late. Still, high-profile attacks continue to grab headlines, with ransomware now topping the list of CISO’s biggest perceived threats, according to Proofpoint’s recent Voice of the CISO survey. LockBit in the news: Did hackers steal 33TB of data from the Federal Reserve? FBI offers to share 7,000 LockBit ransomware decryption keys with CISOs Administrator of ransomware operation LockBit named, charged, has assets frozen SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe