November 17, 2023 at 01:12PM
LockBit has restructured its negotiation process with ransomware victims in response to internal frustrations. The organization and its affiliates were concerned about the low rate of payment and the discounts being offered. Before the rule change, negotiations were inconsistent, leading to victims refusing to pay ransoms. LockBit has implemented guidelines for negotiations, including establishing minimum ransom requests based on company revenue and setting a maximum discount of 50%. The changes aim to address inconsistencies and increase successful ransom collections.
During a meeting, LockBit leadership discussed their concerns about the low rate of payment from organizations and the inadequate sums collected by affiliates. Inconsistent negotiations were also identified as an issue, with less-experienced affiliates failing to meet the expected minimum payment and frequently offering unsanctioned discounts.
To address these concerns, LockBit implemented new rules and guidelines for negotiations starting from October 1. These include establishing ranges for the initial ransom amount based on the victim’s annual revenue and setting a maximum discount of 50 percent during negotiations.
LockBit conducted a survey in September to gather input from affiliates on potential rule changes. The options presented ranged from leaving negotiations unrestricted to establishing minimum ransom amounts based on revenue and prohibiting excessive discounts. LockBit ultimately settled on the two rules mentioned above.
LockBit emphasized that while the ransom amount is still at the discretion of the affiliates, they should follow the provided guidelines for setting the initial sum based on the victim’s revenue. Adjustments to the ransom amount may be made if the affiliates fail to destroy the victim’s backups. Affiliates are also reminded to strictly adhere to the rule of not discounting more than 50 percent of the initially requested amount.
Analyst1 highlighted the importance of closely monitoring developments in the ransomware landscape and recognizing the unique nature of each LockBit case. Because the affiliates responsible for the breach take part in the negotiations, and because negotiators vary in experience level and psychological nuance, reaching a successful resolution requires adapting to and navigating these variables effectively.
It is important for organizations to keep these changes in mind when dealing with LockBit attacks and to ensure they understand the negotiation process in order to increase their chances of mitigating the impact of such attacks.