LockBit 3
LockBit 3 is a prominent ransomware group referenced as one of the most active ransomware operations by victim count across 2023–2025. Despite significant law-enforcement actions in 2025 (including arrests, infrastructure seizures, and takedowns affecting major ransomware groups), LockBit 3 remained among the high-profile and active ransomware groups during this period. The provided content does not specify LockBit 3’s targets, victim industries/geographies, tooling, initial access methods, or specific TTPs beyond being part of the broader 2025 ransomware ecosystem in which social engineering (notably phone-based credential theft) is described as a primary attack vector and where groups experienced fragmentation/rebranding under law-enforcement pressure. No aliases or sub-groups for LockBit 3 are mentioned in the content, and no nation-state attribution is provided.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Lockbit 3 is known for conducting widespread ransomware attacks, consistently ranking among the top groups by number of claimed victims.
Established ransomware actor continuing operations despite law-enforcement disruption.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.