LockBit Ransomware Group Announces New Payment Policy, Threatens to Destroy Data of Victims Who Don't Pay

 LockBit Ransomware Group Announces New Payment Policy, Threatens to Destroy Data of Victims Who Don't Pay

In recent times, there has been a concerning surge in the frequency and impact of cyberattacks orchestrated by the LockBit ransomware gang. This group has emerged as a prominent threat in the digital realm, with their attacks growing increasingly sophisticated and alarming.

The victims of LockBit ransomware attacks span a wide spectrum, ranging from major corporations to individuals, all of whom find themselves grappling with the detrimental consequences of these malicious incursions. For those unfortunate enough to fall prey to these attacks, a ransom is demanded in exchange for the decryption of their encrypted data, with the threat that failure to comply will result in the exposure of sensitive information.

However, it is widely acknowledged that paying ransoms to cybercriminals is an ill-advised course of action, as these threat actors cannot be trusted to uphold their end of the bargain. Consequently, many organizations have refrained from capitulating to LockBit's demands, prompting the ransomware gang to introduce new rules, as divulged by the "vx-underground" account.

The "vx-underground" account shared information regarding a poll conducted among all affiliates of the LockBit ransomware gang. LockBit's ransomware group is currently contemplating a revision of its ransom payment policies due to mounting frustration with ransom negotiators. One proposed option is to impose a minimum payment equivalent to 3% of the victim company's annual revenue, with a 50% discount option, effectively reducing it to 1.5% of the annual earnings.

Figure 1: Gang ransomware Lockbit will destroy hardisk

Furthermore, LockBit's sub-division, the National Hazard Agency, has declared that they will not accept payments below the 3% threshold of a victim company's revenue and will threaten total data destruction in response.

These developments signify a significant shift in LockBit ransomware's strategy, as the group initially lacked concrete rules regarding the permissible ransom amounts from victims. This shift may reflect the discontent among more experienced affiliates who are hesitant to adhere to the desperate ransom demands of newer affiliates.

The final decision on these policy changes will have substantial ramifications for victimized companies, as they must prepare for the consequences of LockBit's stricter ransom payment policies. In an increasingly complex and perilous digital landscape, businesses and governmental entities alike must continually fortify their cybersecurity defenses and foster effective coordination to combat the growing threat of sophisticated and dangerous ransomware, exemplified by LockBit.