The Federal Bureau of Investigation (FBI) is investigating a ransomware campaign known as LockBit. Since January 2020, LockBit has functioned as an affiliate-based ransomware variant under the Ransomware-as-a-Service (RaaS) model. Affiliates deploy LockBit using many varying Tools, Techniques and Procedures and have attacked a wide range of businesses and critical infrastructure organizations both domestically in the United States and internationally. LockBit launched in January 2020 with a version known as LockBit 1.0, but has since released additional versions consisting of LockBit 2.0 (LockBit Red), LockBit 3.0 (LockBit Black), LockBit Linux/ESXI, LockBit Green and were developing LockBit 4.0. The FBI, in coordination with an international task force, participated in a joint disruption operation against LockBit. Below is a questionnaire for U.S. victims and non-U.S. victims who wish to participate in the U.S. LockBit prosecutions (e.g., to submit a victim-impact statement or to claim restitution), and/or are seeking additional information or help with a LockBit attack against their organization. Please complete all fields of the questionnaire to the best of your ability and the FBI will be in contact with you as soon as possible. If you have any questions, please contact lockbitvictims@fbi.gov.

* All data provided is for investigative purposes and will not be shared publicly without the consent of the victim.