What We Do
How We Do
Get Started

Dissecting LockBit’s Ransomware Operations with Keegan Keplinger and Brandon Stencell

About the Episode

Since their emergence in 2019 under the moniker 'ABCD', the LockBit ransomware-as-a-service gang has carved out a notorious reputation as a leading purveyor of ransomware.

Their notoriety was cemented by pioneering triple extortion techniques and causing unprecedented disruption across the globe. However, they suffered a significant blow with the orchestrated international law enforcement operation named 'Operation Cronos'.

In this episode, Keegan Keplinger and Brandon Stencell, provide a gripping account of LockBit's operations, their innovative TTPs, and the collaborative law enforcement efforts that led to their partial dismantling.

We also offer an insider's look into how the takedown was executed, the resurgence of LockBit and the new Dark Web leak sites, and the broader implications for cybersecurity professionals.

Key discussion points include:

  • The evolution and operational methods of LockBit since its inception.
  • Insights into 'Operation Cronos' and its impact on LockBit’s infrastructure.
  • The tactical shutdown of LockBit's technical and financial frameworks by international law enforcement.
  • The immediate response by LockBit, including setting up new operations and their public threats.
  • Strategies to safeguard against future iterations of LockBit and similar ransomware threats.
Esentire cybertalks logo 2x


Keegan Keplinger, Research and Reporting Lead,


Brandon Stencell, SOC Incident Handler Lead,



Ciaran Luttrell, Senior Director, SOC Operations EMEA,


Want to listen to more podcasts from eSentire?

Get The Podcast