What’s the secret to LockBit’s success? How has security changed due to the gang’s appearance? In every industry, visionaries drive progress and innovation. Some call these pioneers “crazy”.
The same rule applies to the world of cyber gangs. Most threat groups try to maintain a low profile. They don’t seem to trust anyone and want tight control over money flow.
Then along came LockBit. Not only does the group maintain a high profile, but they’ve also turned ransom monetization upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022.
A Brand New Ransomware Paradigm
In a matter of a few years, the LockBit ransomware gang has become one of the most notorious organized cyber groups in history. Previously referred to as “ABCD ransomware,” LockBit made its debut in late 2019 and saw a swift rise in popularity.
Operating as a Ransomware-as-a-Service, the group consists of a central team that crafts the malware and manages its website. Meanwhile, the group also grants access to its code to affiliates who help execute the cyberattacks.
Affiliates are experts in various areas, such as vulnerability search or network cracking. Prior to LockBit, the payment process involved each affiliate receiving a share of the ransom at the end, sort of like an invoicing system.
However, this resulted in many affiliates not being paid their fair share, a common complaint in criminal forums.
To address this, LockBit flipped the script and placed its affiliates in charge of negotiations and payments. By doing so, trust was established and the fear of being swindled was removed.
This shift, coupled with an improved ransomware product, made LockBit the preferred choice among affiliates. Due to high demand, the group is now responsible for almost half of all ransomware attacks worldwide.
LockBit Goes Pro
Over time LockBitSupp transformed the group’s infrastructure, recruiting developers to create user-friendly ransomware dashboards. DiMaggio was the first to report on LockBitSupp’s revolutionary approach to the ransomware payment model.
LockBit’s branding journey also included a logo. This was unusual in the ransomware world, as only a few groups like Vice Society were doing the same. The logo became the visual representation of the LockBit brand, from their leak website to ransom notes to anything else they sponsored.
They even began offering people $500 to $1,000 to tattoo the LockBit logo on their bodies. “I heard that, I’m like, there is no way anyone is going to tattoo the name of a ransomware brand and their logo on their bodies,” said DiMaggio. “And then people did. That’s just crazy to me.”
From there, LockBitSupp made his ransomware business more efficient and user-friendly with LockBit Red, also known as LockBit 2.0. He created a dashboard to keep track of attacks and added features such as push notifications and a faster data encryption process.
The central management console made all elements of a ransomware attack easier to use, even for those with limited coding skills.
LockBit Bug Bounty
Next, LockBit 3.0 made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million.
“We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million,” reads the LockBit 3.0 bug bounty page.
Moreover, LockBit has expanded its bug bounty program beyond just paying for discovered vulnerabilities and is now offering bounties for creative ways to enhance its ransomware operation. They even put up a $1 million cash prize for anyone who could identify LockBitSupp.
How Will LockBit Fail?
In DiMaggio’s highly detailed report, he predicts what might eventually happen to LockBit.
“The previous gangs that once held first place, such as Maze, REvil and Conti, all eventually fell,” DiMaggio said. “The common theme across each is that their egos grew out of control, and their greed drove them to push things too far. Eventually, they overstep and gain attention from entire governments with greater resources than traditional law enforcement.”
Only time will tell if LockBit gets taken down. But for now, shields up.
Source: Security Intelligence