Pattern Drive Private Limited


LockBit Ransomware: An Exclusive Interview With The Administrator

Updated on: 14/02/2023


The LockBit ransomware was introduced to the public back in 2019 with LockBit version 1.0 and is currently at version 3.0. Ransomware remains a threat to companies and individuals. This article focuses on the ransomware and the group that runs it. We had the opportunity to learn about both from the ransomware's creator himself. Before that, it is worth introducing the ransomware.

What Is LockBit Ransomware?

The LockBit ransomware, operated as Ransomware-as-a-Service (RaaS), is malicious software designed to block users’ access to computer systems until a ransom is paid. LockBit typically preys on valuable targets, then spreads the infection and simultaneously encrypts all the accessible computer systems on a network. Like most ransomware, it is used for highly targeted attacks, especially against enterprises and other organizations. The following are some of the threats that enterprises face from a LockBit ransomware attack:

  • Disruptions of the operations wherein the essential functions come to a sudden halt.
  • Financial gain through extortion.
  • Data theft, with illicit publication used as blackmail in case the victim does not comply.

An Elite Interview With The LockBit Admin

We are pleased to bring you an exclusive interview with the administrator of the LockBit ransomware. In this interview, the interviewer is referred to as the “Interviewer” and the LockBit administrator as the “LB Admin”. The substance of the interview has not been modified. We have only edited the text, grammar, and punctuation (wherever required) to improve the legibility of the LockBit interview.

 

Interviewer: When did you start LockBit and why?

LB Admin: LockBit was founded on September 3rd, 2019. Other groups were autistic or drug addicts.

Interviewer: Hahahaha. So, was this your first ransomware group? Or were you a veteran of the ransomware scene?

LB Admin: I am a veteran.

Interviewer: How'd you come up with the name LockBit? It's a cool name!

LB Admin: Normal logic, lock and byte, lock byte [sic]

Interviewer: Did you start LockBit by yourself? Or did you have a team?

LB Admin: I had a team. I'm the boss. LockBit 1.0 was not created alone. Currently, our team has over 10 members which include pentesters, developers, money launderers, testers, and negotiators.

Interviewer: You mentioned other competitors were drug addicts. Is substance abuse an issue in ransomware groups?

LB Admin: Yes, cocaine or marijuana. I use drugs, but in very reasonable quantities and on rare occasions.

Interviewer: Understood. Well, is the current LockBit team still present in LockBit 3.0?

LB Admin: Yes, people very rarely leave. If they do leave, I find and recruit.

Interviewer: Do you ever see internal conflicts in the group? How do you manage that?

LB Admin: If I see that the person behaves inadequately and does not correct himself, then I fire such a person or create conditions under which he leaves on his own.

Interviewer: Do you ever hire outside of your team? Like contractors?

LB Admin: Naturally, I hire different specialists for any work. I can't do everything with my own hands. In fact, I am a manager.

Interviewer: This is a lot of work. Are you stressed from running the largest cyber cartel in history?

LB Admin: I don't have any stress. I love my job. It's a lot of fun. I love when I have 5 stars and helicopters like in GTA, I have fun.

Interviewer: Your group is extremely active, how many affiliates do you have?

LB Admin: No more than 100 people at the moment. My dream is 300 partners like 300 Spartans. In my blog, there is a detailed description of how to become a partner. It can include any person from the planet earth and even aliens. 

http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion/rules

Interviewer: Regarding affiliates, you mentioned you have over 100... Do you have banned affiliates? Do affiliates know each other? Do you have a chat room?

LB Admin: No, we don't have a chat room. If someone wants to share with their partner, they can do so. As far as banning affiliates - I do regular purges and block those who are not active.

Interviewer: Do you ever reward affiliates for being active or doing big ransoms?

LB Admin: The best reward for my partners is a stable platform to work with an impeccable reputation. It is the fourth year of stability, what could be better?

Interviewer: Do you negotiate for affiliates? Or do they do it themselves?

LB Admin: I negotiate personally. For an increased percentage, the usual percentage is 20%. But if the negotiations are conducted by me personally, the percentage ranges from 30% to 50% depending on the complexity and effectiveness of the negotiations.

Interviewer: Have you seen a decrease in affiliates since the beginning of the Russian / Ukrainian conflict?

LB Admin: Yes I observe. 1%-20% of the partners have gone to other countries to avoid being mobilized. The FBI has a great opportunity to catch someone who is not watching their anonymity and not quality laundering of money obtained by criminal means.

Interviewer: Do you ever casually talk with affiliates or consider them your friends?

LB Admin: Every partner is my friend.

Interviewer: Regarding affiliates, people have discussed the difficulty of cashing out ransoms. Is it hard?

LB Admin: I don't believe it, it's very simple.

Interviewer: What really? Is it easy to cash out?

LB Admin: There's nothing easier than cashing out, it's the easiest thing in my job. Just transfer the money to Chinese exchangers, from there to another exchange, then to drop *** cards. You send the *** to the ATM and they bring you the cash.

Interviewer: How do *** get the crypto on a card?

LB Admin: There are a lot of online services, from cryptocurrency exchanges to exchangers and LocalBitcoins. I always use different ways to blend in with the crowd.

Interviewer: You trust ***?

LB Admin: I don't trust ***. But if you cash out long over several years and in small installments, there is no problem.

Interviewer: Where do you find ***? Forums?

LB Admin: Yes

Interviewer: Do you meet them in person?

LB Admin: Yes

Interviewer: Do these money mules know you're the leader of LockBit?

LB Admin: No, lol, they think I'm just some random hacker.

Interviewer: Wow! How much cash do you have these mules move?

LB Admin: $1000-$7000

Interviewer: Do the mules go to the same ATM? Or multiple?

LB Admin: LOL! Of course not! They go to different ATMs. I trust *** no more than $7,000.

Interviewer: Do you give these mules a percentage of the money they cashed out?

LB Admin: Yes, 5%.

Interviewer: In a video that was released, some cl0p ransomware affiliates stored their money under a mattress. Is that where you keep your money too?

LB Admin: I don't have money under my mattress. Everything I cash out I immediately invest in the business and mix it with legal money. This way I inflate my business profits and launder money. And I spend only the money that is obtained in an honest way from the profits of my business and pay with my card.

Interviewer: Hahahaha. Yes, it's been rumored you own a restaurant. Is this true?

LB Admin: It's true, now I have 3 restaurants in China and 2 restaurants in New York.

Interviewer: (Random question) If you had the chance to tell threat intelligence something, what would you say?

LB Admin: Work better bums, you have to find all my competitors, but you can never find me.

Interviewer: (Random question) If you had the chance to talk to the FBI, what would you say?

LB Admin: Free Assange.

Interviewer: (Random question) If you had a chance to tell an anti-virus company something, what would you say?

LB Admin: Don't watch your users, please.

To Sum Up…

LockBit ransomware is a relatively new entry in the long line of extortion cyberattacks. It was formerly known as the “ABCD Ransomware” and has grown into a unique threat in the past two years. Notable past targets of the ransomware group include various organizations in the United States, China, India, Indonesia, Ukraine, France, the UK, and Germany. In this interview, the administrator of the LockBit group answered the essential questions that most people would probably want to ask.

