The latest version of the notorious LockBit ransomware, 3.0, seems to have modified its strategy, tightening the rules for its victims when negotiating the unlocking of their data. As a result, interactions between affected companies and cybercriminals are becoming more complex.
Less frequent and fewer concessions
While an agreement could sometimes be reached between hackers and targeted companies, resulting in a significant reduction in the amounts demanded, it would seem that this period is over for LockBit 3.0 victims. Indeed, the ransomware's authors have published this information themselves, stating that they now refuse any considerable discount on their initial demand, which is set according to the size of the targeted company. The aim is to set a minimum threshold below which the creators will not be prepared to go: 3% of the affected company's annual revenue, with the possibility of discounts of up to 1.5%.
Cyber insurers involved in these new decisions
The situation is even more complex for companies that have taken out specific cyber insurance for such situations. In their case, Bassterlord, leader of the LockBit 3.0 team, has indicated that it will now be forbidden to apply a discount of less than 50% of the maximum amount covered by the insurance policy to compensate for the ransom payment. The reason given is the presence of “beginners” in the ranks of hackers, who sometimes do not hesitate to grant discounts of up to 90% on the initial amount requested. These practices are said to have had a detrimental effect on loyal, experienced team members, who no longer receive as much in return.
A brutal change that raises tensions during negotiations
From now on, the policy applied by Bassterlord and his team will be never to go below 3% of the victim’s annual income, no matter how hard the negotiators try. This new approach has already materialized in a recent case: when a company specializing in negotiation offered US$100,000 to unlock a customer’s data, the ransomware authors refused and decided to delete half of the files concerned. In the end, the company had to pay a much higher sum – 800,000 US dollars – to recover the rest of its data.
Could this tougher stance have the opposite effect?
LockBit 3.0’s stated determination to be uncompromising in negotiations may seem worrying for targeted companies, as they will no doubt have to take this new fact into account when deciding on their strategy. However, it is possible that this radical stance by the ransomware authors could have the opposite effect to that intended: if targeted companies know from the outset that they will no longer be able to benefit from significant discounts, they may be more inclined to implement solutions to prevent and counter attacks, rather than rely on the hope of a favorable negotiation. All in all, LockBit 3.0 could unintentionally contribute to an improvement in corporate IT security.