Law enforcement's seizure of the LockBit ransomware site caused quite the stir last week. In the aftermath of the news, ransomware experts like GroupSense's Kurtis Minder and Analyst1's Jon DiMaggio think that law enforcement is intentionally baiting the leader of the ransomware group to incriminate himself. The experts were quoted in CyberScoop speaking on the tactic. Check out the excerpt or read the full article here.
Experts and longtime observers of LockBit say the message — as well as the overall strategy of taking complete control of LockBit infrastructure and exposing its affiliates — aims to both undermine trust in LockBit among the cybercrime ecosystem and potentially provoke a response from the leader himself.
“This is a psychological operation, and I have been begging anyone who will listen to me to implement doing these [types] of mitigation strategies,” said Jon DiMaggio, chief security strategist for Analyst1. Doing so, DiMaggio argued, can seed “doubt in the minds of other cyber criminals who will be less likely to trust LockBit and work for him.”
DiMaggio and his colleagues have reported extensively on LockBit activities and carried out interviews with LockBitSupp that reveal a confident character who cares about his reputation and how he is perceived. That confidence seems to fuel a belief that he can operate in perfect anonymity: In January, he offered a $10 million reward to anyone who could reveal his identity.
DiMaggio said the law enforcement’s messaging campaign seems “designed for him.”
Kurtis Minder, the co-founder and CEO of GroupSense and a longtime ransomware negotiator, told CyberScoop that his dealings with LockBit representatives over the years suggest that LockBitSupp is “volatile,” and that the messaging campaign may be an intentional provocation “to get him to say something stupid” that might be used against him.
By insinuating that LockBitSupp is working with law enforcement in some undefined capacity, the messaging campaign also seeks to create suspicion between LockBit and the affiliates that pay handsomely to use its services.