LockBit ransomware group has restructured its negotiation methods, addressing declining ransom payments. The lack of standard negotiation protocols previously led to varied results, with many victims opting not to pay.
Revised Negotiation Policies (UK GBP Estimates)
- Ransom Amount Guidelines Based on Annual Revenue:
- Revenue up to £80 million: 3-10%
- Revenue up to £800 million: 0.5-5%
- Revenue over £800 million: 0.1-3%
- Discount Limitations: Maximum discount offered by affiliates is now capped at 50% of the initial ransom demand.
Notable Case
The case with CDW demonstrates the application of these new rules. LockBit discontinued negotiations with CDW, a large reseller, when their offer was significantly lower than LockBit’s calculated demand based on CDW’s estimated annual revenue.
Conclusion
These changes signify LockBit’s strategic shift towards more controlled and profitable ransomware operations.
Further Reading
- The Register: LockBit Revamps Ransomware Negotiations
- LockBit Ransomware Strikes Nine New Victims Across UK, UAE, and Others