The notorious LockBit 3.0 ransomware group runs just like a business, with a relentless focus on recruiting top talent and maintaining an advanced product – which has led to the group’s longevity, says ransomware-tracking researcher Jon DiMaggio.
But that doesn’t mean everything runs smoothly in LockBit land. Take the ex-BlackMatter developer it recruited: He quit LockBit and leaked its source code after the organization docked his pay by $50,000 to recoup a bug bounty award issued after a programmer spotted an error in his code. In response, the group branded him “a deranged psycho,” as DiMaggio documents in a new report analyzing LockBit’s behavior.
A major takeaway and a way to potentially disrupt LockBit: It’s “a business that is run by an ego-driven CEO that has massive insecurities,” says DiMaggio, chief security strategist at threat intelligence firm Analyst1. So, “while unfortunately they have a great criminal product … what will eventually lead to their demise is that sort of ego and the constant over-reacting because of their insecurities to things that happen, such as the developer leaking their code.”
In this video interview with Information Security Media Group, DiMaggio details:
- Direct connections between the leadership of LockBit and sometime rivals such as DarkMatter and REvil;
- Why the LockBitSupp persona appears to be operated by at least two individuals, including the group’s leader;
- The inside story of the developer who leaked LockBit’s code and may be in hiding – and why he should be a top target for law enforcement recruitment.
DiMaggio has over 15 years of experience hunting, researching and documenting advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks and shared his work at conferences such as RSA and Black Hat. In 2022, he authored “The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware and Organized Cybercrime,” which was awarded the SANS Difference Makers Award for cybersecurity book of the year.