Victim of Its Own Ransomware Success: LockBit Has ProblemsInfrastructure Hasn't Sustained Surge in Affiliates, Says Researcher Jon DiMaggio
The LockBit ransomware-as-a-service seems to have become a victim of its own success, says ransomware tracker Jon DiMaggio. Whether the group's challenges will precipitate the decline and fall of the notorious, already relatively long-lived cybercrime operation remains to be seen.
The group's business partners, or affiliates, doubled - from 50 to 100 - over the past year, and "just like a legitimate company, if you grow too fast and too quick, and you don't have the infrastructure to support it, you have problems," said DiMaggio, chief security strategist at Analyst1 and author of a new report detailing LockBit's woes.
After speaking with LockBit's affiliates, DiMaggio said the group's problems include not being able to handle affiliates' customer service requests in a reasonable time frame - as in, before the ransom countdown timer victims see counts down to zero; failing to automatically release data from victims who don't pay, as affiliates expect them to do in exchange for keeping 20% of every ransom paid; and failing to deliver a brand-new, major version on schedule. Instead, the group rebranded a previously leaked Conti locker.
"When you put this all together, LockBit's in trouble," he said. "I hope that 2023 is going to be the last year for LockBit."
In this video interview with Information Security Media Group, DiMaggio also discussed:
- Why affiliates have been deserting LockBit;
- How LockBit's leadership has been attempting to cover up the group's myriad problems;
- What the difficulties mean for future LockBit victims attempting to respond to an attack.
DiMaggio has over 15 years of experience hunting, researching and documenting advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks and shared his work at conferences such as RSA and Black Hat. In 2022, he authored "The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware and Organized Cybercrime," which received the SANS Difference Makers Award for cybersecurity book of the year.