LockBit ransomware operators have been active since September 2019, but still there’s very limited pieces of information on their operations available in public space. The ransomware-as-a-service program and ransomware itself have updated in June 2021, so now we are dealing with LockBit 2.0. Despite the fact the updated RaaS has quite short lifecycle, their affiliates already performed at least a hundred of successful attacks. In this talk, we’ll look at the threat actor’s tactics, techniques and procedures, from gaining the initial access to impact, as well as some custom tools leveraged by them for data exfiltration (StealBit) and files encryption (LockBit).