Rise of LockBit
LockBit, a ransomware-as-a-service (RaaS) platform, surfaced in 2019 through a group known as LockBitSupp. Initially operating discreetly, LockBit gradually gained notoriety within the cybercrime community. Its model involved licensing out its malware to affiliate hackers for carrying out attacks and negotiating ransom payments, from which LockBit received a share of the profits.
Despite maintaining a low profile early on, LockBit’s activities intensified as it became a prominent player in the cybercrime realm. The National Crime Agency (NCA) identified 194 LockBit affiliates, out of which 114 failed to monetize their attacks, labeling some as incompetent. Central to LockBit’s operations was the enigmatic LockBitSupp persona, directly involving in high-profile ransom negotiations post-attacks by affiliates.
Insights on LockBitSupp
Researchers like Jon DiMaggio shed light on LockBitSupp’s strategic approach, treating the operation as a business venture. LockBitSupp proactively sought feedback from affiliates to enhance the group’s criminal activities by reinvesting profits into the operation’s development. This led to multiple malware updates, each more sophisticated than its predecessor, as observed by cybersecurity experts at Trend Micro.
DiMaggio’s interactions with LockBitSupp portrayed a business-focused and serious side, contrasted with a flamboyant persona exhibited on Russian hacking forums, boasting about wealth and success akin to a supervillain. LockBitSupp’s publicity antics extended to organizing unconventional competitions and offering rewards, such as cash for getting LockBit tattoos, garnering attention within the cyber underground.
Conclusion
The identification of the alleged mastermind behind LockBit ransomware shines a light on the intricate workings of cybercriminal networks. LockBit’s evolution from a covert RaaS entity to a dominant player in the cybercrime ecosystem underscores the need for robust cybersecurity measures and international cooperation to combat such threats effectively.
FAQ
Q: What is ransomware-as-a-service (RaaS)?
A: Ransomware-as-a-service (RaaS) is a model where cybercriminals develop and provide ransomware to other individuals, known as affiliates, who carry out attacks using the malware. The original creators typically receive a percentage of the ransom payments.
Q: How did LockBitSupp engage with affiliates?
A: LockBitSupp interacted with affiliates to improve the operational efficiency of the criminal group by seeking feedback on how to enhance their activities. They reinvested profits into developing more advanced malware, reflecting a business-oriented approach.
Q: What were some of LockBitSupp’s unconventional activities?
A: LockBitSupp organized an essay-writing competition, offered bug bounties for code flaws, and incentivized individuals with cash rewards for getting LockBit tattoos. These activities aimed to create a buzz within the hacking community and showcase LockBit’s influence.
