In recent developments within the notorious LockBit ransomware group, discussions among its affiliates are stirring up potential changes in their ransom payment policies.
LockBit has expressed increasing frustration over the inconsistency in ransom demands set by its affiliates. Currently, these affiliates have control over determining ransom amounts for targeted companies, leading to a lack of uniformity.
LockBit is contemplating introducing new regulations concerning ransom demands to address this issue.
Live DDoS Attack Simulation
Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.
LockBit faces a dilemma as it observes varying approaches among its affiliates. Some newer affiliates offer significant discounts to victimized companies, while more seasoned affiliates maintain a firm stance during negotiations.
This disparity has prompted LockBit to consider implementing rules to standardize ransom demands.
Regulating Ransom Payments:
The administrative team of LockBit has presented several options for regulating ransom payments:
Maintain the Status Quo: Leaving payment decisions entirely to the discretion of individual affiliates.
Set a Minimum Payment: Introducing rules that mandate a minimum payment equivalent to 3% of the victim company’s annual revenue, with a 50% discount option.
Cap Discount Percentage: Restricting affiliates from granting a discount greater than 50% of the originally demanded ransom amount.
Ransom Insurance Policy: Requiring that the ransom payment not fall below the victim’s maximum ransomware insurance policy as a minimum threshold.
Minimum Payment Based on Insurance: Establishing a rule requiring a minimum payment of 50% of the victim’s ransomware insurance policy.
National Hazard Agency’s Stance:
In response to this debate, the National Hazard Agency within LockBit has taken a firm stance, announcing that they will no longer consider ransom offers below 3% of the targeted company’s annual revenue.
Negotiators offering less than this threshold will face immediate retaliation, completely destroying the victim company’s data.
Internal Struggles and Future Possibilities:
LockBit has experienced internal changes, a recurring issue due to its Ransomware-as-a-Service (RaaS) model.
While standardization may enhance profit margins, it could lead to operational disruptions if some affiliates harbor discomfort.
Despite these challenges, LockBit remains a formidable player in the ransomware landscape.
The LockBit ransomware group finds itself at a crossroads, grappling with the need for uniformity in ransom demands.
The internal discussions among affiliates have led to various proposed options, each with implications for the group’s future operations.
The stance taken by the National Hazard Agency underscores the seriousness of this debate and the potential consequences for non-compliance.
As this story unfolds, ransomware continues to evolve, posing new challenges and risks to organizations. LockBit’s actions, including disclosing new victims and leaks, reflect the ongoing dynamics in the ransomware landscape.
Many ransomware groups, such as LockBit, utilize leak sites or specialized websites to intimidate victims into paying the ransom by threatening to release or actually releasing stolen data. These sites are commonly used as a tool to coerce victims into meeting ransom demands.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.