LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network. Researchers at Sophos found that the attack began from a compromised Internet Information Server that launched a remote. script calling another script embedded in a remote Google Sheets document. The attack scripts also used regular expressions to search Windows Registry for very specific types of business software used for point-of-sale systems or accounting. The malicious code would deploy LockBit only if the targets matched a fingerprint indicating an attractive target, the researcher notes.
Source: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/