Lord777
Management is unhappy that inexperienced affiliates cannot get even a minimal ransom from victims.
The ransomware group LockBit has decided to radically change its approach to negotiations with victims. Leaders are concerned about the low level of payments from companies. One of the reasons is inconsistency in the actions of affiliates.
There is an opinion in the ranks of LockBit that less experienced affiliates cannot achieve even a minimal ransom from victims and too often offer discounts. The group's leaders recorded cases in which the demanded amount was reduced by up to 90%.
In addition, incident response specialists monitor the group's conversations and use the data obtained against the hackers themselves. This happens when inexperienced negotiators unwittingly reveal important information about their activities while communicating with the victim.
Before the new policy came into effect in October, there were no clear strategies or guidelines for negotiations. Affiliates acted solely at their own discretion.
In this regard, LockBit has developed special instructions that determine the minimum ransom amount and the maximum allowable discount.
According to data compiled by analytics company Analyst1, LockBit conducted a survey among its members in September, giving them the opportunity to vote on potential rule changes.
The survey offered six options to choose from:
1. Leave everything as it is. Affiliates set their own rules without restrictions, as they always have.
2. Set the minimum ransom amount depending on the company's annual income, for example, at 3%, and prohibit discounts above 50%. So, if the company's revenue is $100 million, the initial amount will be $3 million, and the final payout should not be less than $1.5 million.
3. Do not set a fixed minimum ransom — it will depend on the damage caused to the victim. At the same time, the discount amount will also be limited to 50%. For example, if the required amount is $1 million, the payment must be at least $500,000.
4. Prohibit any payments less than the amount for which the victim is insured against cyber attacks.
5. Prohibit any payments less than 50% of the amount for which the victim is insured against cyber attacks.
6. Other offers.
LockBit eventually established two rules that govern all negotiations starting on October 1.
The first concerns the amount of payments and how affiliates should calculate the initial amount depending on the annual income of the attacked company.
- Revenue up to $100 million: the ransom must be between 3 and 10%.
- Revenue of up to $1 billion: the ransom should be between 0.5 and 5%.
- Revenue of more than $1 billion: the ransom should be between 0.1 and 3%.
Affiliates, for example, can adjust the amount if they fail to destroy backup copies of the victim's data.
The second rule concerns discounts — it was decided to set a hard maximum of 50%.
"From October 1, 2023, it is strictly prohibited to offer discounts of more than 50% of the amount originally requested in correspondence with the attacked company," LockBit said in a message sent to partners and provided to Analyst1.
