Security News > 2024 > February > LockBit extorted billions of dollars from victims, fresh leaks suggest

The analysis showed addresses held around £100 million, £90 million of which was unspent, comprised largely of the payments made to LockBit by affiliates who were paid by victims.

Although the cut taken by LockBit typically varies, around 20 percent of the total ransom fee is paid to the LockBit organization, while the affiliate who actually carried out the attack keeps the remainder.

Considering LockBit was operating for around four and a half years before authorities shut it down this week, the likelihood that the sum extorted from victims over this time was in the real of multi-billions of dollars - a staggering feat of cybercrime.

Taking this into account, along with the number of victims LockBit has claimed over its lifespan, accounting for those that paid and those that didn't, LockBit could indeed have extorted billions of dollars from victims.

As of June 2023, authorities told The Reg that US LockBit victims had paid "More than $90 million" in ransoms since the ransomware op started in 2020 - a figure we can now assume to be severely underestimated.

To the delight of the cybersecurity community on Tuesday, February 20, authorities took control of LockBit's leak site, removing all mention of the victims it claimed over the years and transforming it into an exposé hub, revealing the once secretive operation's inner workings.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/23/lockbit_extorted_billions_of_dollars/