LockBit emerged at the end of 2019, first calling itself “ABCD ransomware.” Since then, it has grown rapidly. The group is a “ransomware-as-a-service” operation, meaning that a core team creates its malware and runs its website while licensing out its code to “affiliates” who launch attacks.
Typically, when ransomware-as-a-service groups successfully attack a business and get paid, they’ll share a cut of the profits with the affiliates. In the case of LockBit, Jérôme Segura, senior director of threat intelligence at Malwarebytes, says the affiliate model is flipped on its head. Affiliates collect payment from their victims directly and then pay a fee to the core LockBit team. The structure seemingly works well and is reliable for LockBit. “The affiliate model was really well ironed out,” Segura says.
Though researchers have repeatedly seen cybercriminals of all sorts professionalizing and streamlining their operations over the past decade, many prominent and prolific ransomware groups adopt flamboyant and unpredictable public personas to garner notoriety and intimidate victims. In contrast, LockBit is known for being relatively consistent, focused, and organized.
“Of all the groups, I think they have probably been the most businesslike, and that is part of the reason for their longevity,” says Brett Callow, a threat analyst at the antivirus company Emsisoft. “But the fact that they post a lot of victims on their site doesn’t necessarily equate to them being the most prolific ransomware group of all, as some would claim. They are probably quite happy with being described that way, though. That’s just good for recruitment of new affiliates.”
The group certainly isn’t all hype, though. LockBit seems to invest in both technical and logistical innovations in an attempt to maximize profits. Peter Mackenzie, director of incident response at security firm Sophos, says, for example, that the group has experimented with new methods for pressuring its victims into paying ransoms.
“They’ve got different ways of paying,” Mackenzie says. “You could pay to have your data deleted, pay to have it released early, pay to extend your deadline,” Mackenzie says, adding that LockBit opened its payment options to anyone. This could, theoretically at least, result in a rival company buying a ransomware victim’s data. “From the victim’s perspective, it’s extra pressure on them, which is what helps make people pay,” Mackenzie says.
Since LockBit debuted, its creators have spent significant time and effort developing its malware. The group has issued two big updates to the code—LockBit 2.0, released in mid-2021, and LockBit 3.0, released in June 2022. The two versions are also known as LockBit Red and LockBit Black, respectively. Researchers say the technical evolution has paralleled changes in how LockBit works with affiliates. Prior to the release of LockBit Black, the group worked with an exclusive group of 25 to 50 affiliates at most. Since the 3.0 release, though, the gang has opened up significantly, making it harder to keep tabs on the number of affiliates involved and also making it more difficult for LockBit to exercise control over the collective.
Chinese spy balloon may gather ‘unseen’ info as Beijing possibly ‘preparing the battlefield’: experts
Luis Peroza arrested after allegedly attacking 90-year-old Lower East Side candy shop owner
UAE: Woman sues male friend for refusing to return Dh3.2 million; case dismissed
For drug charge, woman sentenced to finish her law degree
Sunak mulls ‘plans to ban Channel migrants from appealing deportation’
Google Pixel Watch Review: A Fun Smartwatch to Help Build Your Fitness Game
Land Rover Defender From E.C.D. Automotive Design Is Complete Mayhem
The 19 Best Chef’s Knives, According to Chefs in 2023:
Paizo Isn’t Backing Down from Creating Its Universal RPG License
Mercedes‑Benz Actros Wooden Replica Created To Welcome New Year
Maddie Ziegler’s Love of ‘PLL’ Helped Her Get a Spot in the Cast
Austin Butler Would ‘Go Home and Cry’ While Working on 1 TV Show
Lies, Damn Lies, Payroll Data
From Meghan Trainor to Sam Smith — Kim Petras Adds to Her Growing List of Collaborations
‘The Vampire Diaries’: Ian Somerhalder and Kat Graham Loved the 1994 Prison World Story
News17 hours ago
Chat on tea with a sensation behind Good Vibes Music Entertainment
News23 hours ago
‘Celebrity Jeopardy!’ Winner Spills His Secret Finale Tactic
Tech22 hours ago
It sounds like Google will unveil its ChatGPT clone February 8
Politics22 hours ago
Trump’s poll problem in early states like Iowa, New Hampshire, South Carolina
Travel13 hours ago
Princess Cruises Next-Generation Ship – Sun Princess
Sport17 hours ago
Prem teams are revolutionising football but there is one worrying trend
News6 hours ago
Military jets circle Chinese spy balloon as FAA closes airspace and three airports
Tech12 hours ago
Vitamin D Supplements Linked to Reduced Risk of Suicide, Study of Veterans Finds