In keeping with a captivating report by Jon DiMaggio of Analyst1, who spent a 12 months undercover gathering intelligence on the LockBit group, the ransomware gang is making an attempt to cowl up “the very fact it typically can’t persistently publish stolen knowledge.”
And that’s clearly an issue for a cybercriminal gang which is utilizing the specter of publishing exfiltrated knowledge as its main lever for extorting a ransom from its victims.
DiMaggio claims that the issue “is because of limitations in [LockBit’s] backend infrastructure and out there bandwidth.”
“LockBit just lately up to date its infrastructure to handle these deficiencies. Nonetheless, this can be a gimmick to make it seem that it corrected the beforehand talked about downside with posting sufferer knowledge. It claims victims’ “FILES ARE PUBLISHED”. Typically, this can be a lie and a ploy to cowl up the truth that LockBit can’t persistently host and publish massive quantities of sufferer knowledge by way of its admin panel, as promised to its affiliate companions. Additional, over the previous six months, LockBit has offered empty threats it didn’t act upon after many victims refused to pay. But, one way or the other, nobody has observed.”
I assume for those who steal an enormous quantity of information from many firms you must guarantee that you’ve the space for storing and server infrastructure to leak it to the world.
Because of these and different points (DiMaggio says a deadline to launch an up to date model of the ransomware has been missed, as an illustration), the group’s status has been tarnished and a few of LockBit’s high associates have left for different ransomware teams in current months.
My guess is that firms may be quite a bit much less inclined to pay a ransom in the event that they believed it was much less doubtless that their stolen knowledge was really going to be revealed…
It is going to be fascinating to see if LockBit can tackle its infrastructure problem – maybe by providing the information it has stolen from victimised firms by way of torrents as a substitute.
Discovered this text fascinating? Observe Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we submit.
