Cyber & Advisory

Cybersecurity Services
Security Awareness Training
Residency
Compliance Readiness

(Co)Managed IT

Overview
Help Desk & End User Support
NOC (Server/Network RMM)
MDR/XDR (AI-Assisted SOC)
Remote Deployment and Operations

AI Integration

Overview
Anthropic Claude
Microsoft Copilot
OpenAI ChatGPT
Google Gemini
xAI Grok
Perplexity

Managed AI

Managed Private AI
Managed Agents
Managed AI for Education
Managed AI for State & Local Government
Book a Free AI Strategy Call

Learn / Guides

AI Hub
AI Guide: Education
AI Guide: Healthcare
AI Guide: State & Local Gov
SLED AI Prompting Guide

Cloud & Data

Cloud & Infrastructure
Backup & Disaster Recovery
AI & Automation

Security & Identity

Microsoft 365 Security
Google Workspace Security
Zero Trust Access

Modern Workforce

Virtual Desktops & Apps
Digital Workspaces
Unified Endpoint Management

Public Sector

Federal Government
State & Local Government
Education
Critical Infrastructure

Regulated Sectors

Healthcare
Financial Services
Legal
Private Equity

Industry & Operations

Manufacturing
Logistics
Hospitality

By Business Size

Large Enterprise
SMB Commercial
Startups
All Industries

Cloud & Productivity

Microsoft
Google
AWS

Data Center & Compute

Dell EMC
HPE
Hitachi
Nutanix

Virtualization & Workspace

Omnissa
Red Hat
Login VSI
TURBO.NET

Backup & Secure Files

Commvault
FileCloud
View All Partners

Read

Blog
Case Studies

Intelligence & Guides

Z7 Cyber Intelligence
AI Hub

Company

Why Z7 Solutions
The Z7 Platform
Careers
Contact Us

Federal & Contracts

Contract Vehicles
Capability Statement

LOCKBIT

Z7-TAF THREAT SCORE
0

CLASSIFICATION

CRITICAL THREAT (DEGRADED)

The Rise and Fall of the World's Most Prolific Ransomware Operation

On November 8, 2023, LockBit did something no ransomware group had ever done: they nearly broke the US Treasury market. Their attack on ICBC, the world’s largest bank, caused $62.2 billion in failed Treasury trades and forced bankers to settle transactions via USB drives carried by messengers through Manhattan.

Three months later, Operation Cronos took them down. The FBI and NCA seized their servers, recovered 7,000 decryption keys, and unmasked their leader, Dmitry Khoroshev, who had offered $10 million to anyone who could dox him. Now he’s the one with a $10 million bounty on his head.

Attacks dissected in this report

ICBC Financial Services (Nov 2023)

$62.2B failed trades, $9B emergency injection - Z7-BAF 9.14

Boeing (Oct-Nov 2023)

43-50GB leaked, Citrix Bleed exploitation - Z7-BAF 8.21

Fulton County, Georgia (Jan 2024)

Weeks of outages, claimed Trump case documents - Z7-BAF 8.07

What's in the full intelligence report

Complete Z7-TAF Analysis

All 7 dimensions scored with pre/post-Cronos comparison

3 Full Z7-BAF Attack Dissections

ICBC, Boeing, Fulton County with timelines and component scores

Operation Cronos Deep Dive

How the takedown worked and why it succeeded

Khoroshev Dossier

What we know about LockBitSupp

Citrix Bleed Analysis

The vulnerability that took down Boeing and ICBC

ABOUT Z7 CYBER INTELLIGENCE

Z7 Cyber Intelligence delivers threat analysis and breach assessments used by security teams, compliance officers, and executive leadership. Our proprietary Z7-TAF and Z7-BAF frameworks provide quantified, defensible scoring that enables data-driven risk decisions.

Proprietary Methodology

Z7-TAF (Threat Actor Framework) and Z7-BAF (Breach Assessment Framework) are proprietary scoring systems developed by Z7 Solutions. Detailed scoring criteria, dimension weights, and assessment rubrics are proprietary. Complete methodology documentation is available under NDA for clients.

This page provides an executive-level preview only. Detailed analysis, scoring methodology, and proprietary frameworks are available in the full intelligence report.