LockBit Ransomware Gang in Decline, May Be Compromised, Report

/in


  • LockBit’s leadership vanished for two weeks in August 2023. This suggests that the gang may have been compromised or that there was internal conflict.
  • LockBit has been unable to consistently publish victim data. This has led to victims refusing to pay ransoms and affiliates leaving the program.
  • LockBit’s updated infrastructure is not as effective as it claims to be. This is evidenced by the fact that LockBit is still struggling to publish victim data.
  • LockBit’s affiliates are leaving for its competitors. This is because LockBit is not providing the support and resources that affiliates need.
  • LockBit ransomware gang missed its most recent release date. This suggests that the gang is struggling to develop new ransomware variants.
  • LockBit wants to steal ransomware from its rivals. This is a sign that LockBit is desperate and is willing to resort to unethical tactics to stay ahead of the competition.

LockBit, a prominent but infamous ransomware gang that has wreaked havoc across numerous industries, recently vanished from the cybercriminal scene, leaving affiliates and partners in a state of uncertainty. However, their reemergence after a brief hiatus has raised questions about their operational integrity.

A new report from Jon DiMaggio, Chief Security Strategist at Analyst1, “Ransomware Diaries: Volume 3 – LockBit’s Secrets” exposes LockBit’s activities, their targets, and the challenges they’ve been facing.

Dimaggio delved deep into LockBit’s operations and uncovered critical shortcomings within the gang’s modus operandi. In his extensive report, the researcher has highlighted LockBit’s struggles with data publication, deteriorating affiliate partnerships, and a lack of timely support responses. DiMaggio believes LockBit may have been compromised.

In 2022, LockBit reigned as the foremost ransomware group and Ransomware-as-a-Service (RaaS) provider globally. In a shift from traditional ransomware groups, LockBit’s unique approach involves maintaining the ransomware’s functionality, leasing access to it, and assisting affiliates in deploying attacks.

The model has enabled LockBit to foster a wide network of attackers, resulting in…

Source…