Fraud Management & Cybercrime , Ransomware , Video

LockBit Ransomware Group's Big Liability: 'Ego-Driven CEO'

Ransomware Researcher Jon DiMaggio Probes LockBit's Business Operation and Behavior
Jon DiMaggio, chief security strategist, Analyst1

The notorious LockBit 3.0 ransomware group runs just like a business, with a relentless focus on recruiting top talent and maintaining an advanced product - which has led to the group's longevity, says ransomware-tracking researcher Jon DiMaggio.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

But that doesn't mean everything runs smoothly in LockBit land. Take the ex-BlackMatter developer it recruited who quit LockBit and leaked its source code after the organization docked his pay by $50,000 to recoup a bug bounty award after a programmer spotted an error in his code. In response, the group branded him as being "a deranged psycho," as DiMaggio documents in a new report analyzing LockBit's behavior.

A major takeaway and a way to potentially disrupt LockBit: It's "a business that is run by an ego-driven CEO that has massive insecurities," says DiMaggio, chief security strategist at threat intelligence firm Analyst1. So, "while unfortunately they have a great criminal product … what will eventually lead to their demise is that sort of ego and the constant over-reacting because of their insecurities to things that happen, such as the developer leaking their code."

In this video interview with Information Security Media Group, DiMaggio details:

  • Direct connections between the leadership of LockBit and sometime rivals such as DarkMatter and REvil;
  • Why the LockBitSupp persona appears to be operated by at least two individuals, including the group's leader;
  • The inside story of the developer who leaked LockBit's code and may be in hiding - and why he should be a top target for law enforcement recruitment.

DiMaggio has over 15 years of experience hunting, researching and documenting advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks and shared his work at conferences such as RSA and Black Hat. In 2022, he authored "The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware and Organized Cybercrime," which was awarded the SANS Difference Makers Award for cybersecurity book of the year.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.