LockBit leaks expose nearly 200 affiliates and bespoke data-stealing malware

2024-02-21 14:07

The latest revelation from law enforcement authorities in relation to this week's LockBit leaks is that the ransomware group had registered nearly 200 "Affiliates" over the past two years.

List of LockBit 3.0 affiliates published by the NCA. The FBI first started investigating LockBit in 2020, and the group has since developed new variants of its ransomware, the latest of which was released in mid-2022, so the data shared today likely shows all the affiliates that have ever deployed the most recent version of LockBit.

The data that's been gathered by compromising LockBit's backend will be used to investigate those involved in the deployment of the ransomware and paid money to be a part of the LockBit affiliate program.

"A large amount of data has been exfiltrated from LockBit's platform before it was all corrupted," reads LockBit's website, which is now under the control of the NCA. "With this data, the NCA and partners will be coordinating further enquiries to identify the hackers who pay to be a LockBit affiliate. Some basic details published here for the first time."

Much has been said over the years about LockBit's various ransomware payloads and its double extortion model, but StealBit is the lesser-known malware that was first deployed with LockBit 2.0 attacks dating back to 2021.

The unique identifier is what allows affiliates to be attributed for each data theft and is what LockBit leadership uses to see who should be paid for any given job.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/21/lockbit_leaks/

#leak #lockbit #malware