A new version of LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. The LockBit ransomware operation launched in September 2019 as a ransomware-as-a-service, where threat actors are recruited to breach networks and encrypt devices. In return, the recruited affiliates earn 70-80% of a ransom payment, and the LockBit developers keep the rest of the ransom payment. LockBit has a long list of features with many used by other ransomware operations in the past.
Source: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/