Victim of Its Own Ransomware Success: LockBit Has Problems

Infrastructure Hasn't Sustained Surge in Affiliates, Says Researcher Jon DiMaggio
Jon DiMaggio, chief security strategist, Analyst1

The LockBit ransomware-as-a-service seems to have become a victim of its own success, says ransomware tracker Jon DiMaggio. Whether the group's challenges will precipitate the decline and fall of the notorious, already relatively long-lived cybercrime operation remains to be seen.

The group's business partners, or affiliates, doubled - from 50 to 100 - over the past year, and "just like a legitimate company, if you grow too fast and too quick, and you don't have the infrastructure to support it, you have problems," said DiMaggio, chief security strategist at Analyst1 and author of a new report detailing LockBit's woes.

After speaking with LockBit's affiliates, DiMaggio said the group's problems include not being able to handle affiliates' customer service requests in a reasonable time frame - as in, before the ransom countdown timer shown to victims reaches zero; failing to automatically release data from victims who don't pay, as affiliates expect the group to do in exchange for keeping 20% of every ransom paid; and failing to deliver a brand-new, major version on schedule. Instead, the group rebranded a previously leaked Conti locker.

"When you put this all together, LockBit's in trouble," he said. "I hope that 2023 is going to be the last year for LockBit."

In this video interview with Information Security Media Group, DiMaggio also discussed:

  • Why affiliates have been deserting LockBit;
  • How LockBit's leadership has been attempting to cover up the group's myriad problems;
  • What the difficulties mean for future LockBit victims attempting to respond to an attack.

DiMaggio has over 15 years of experience hunting, researching and documenting advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks and shared his work at conferences such as RSA and Black Hat. In 2022, he authored "The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware and Organized Cybercrime," which received the SANS Difference Makers Award for cybersecurity book of the year.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
