Lockbit 3.0 and the ransomware business model
July 25, 2022 – Published on VentureBeat
The notorious LockBit ransomware group released its latest ransomware-as-a-service offering, LockBit 3.0 (or Lockbit Black, as it has deemed it).
Notably, the new offering focuses on data exfiltration, as opposed to the encryption of files on a victim’s machine.
The group also published a set of “Affiliate Rules” and announced what cybercrime experts say is a first for the dark web: a bug bounty program. This purportedly offers a $1 million payout for those who reveal personally identifiable information (PII) on high-profile individuals, as well as any web security exploits.
LockBit emerged in 2019, but its ransomware didn’t gain significant traction until the launch of LockBit 2.0 in the second half of 2021. After critical bugs were discovered in Lockbit 2.0 in March, its authors set to work updating encryption routines and adding new features to thwart researchers.
“Interestingly and surprisingly,” the group “very blatantly” claimed to be from the Netherlands, said Drew Schmitt, principal threat intelligence consultant with cybersecurity company GuidePoint Security. The group also stated that former USSR countries cannot be targeted because most of its members grew up there. According to Schmitt, this gives credibility to the common hypothesis that the majority of ransomware groups are operating out of Eastern Europe and Russia.
Read More HERE.