Ransomware LockBit: a hundred victims per month in the first half

Valéry Rieß-Marchive reports:

In the first half of the year, more than 420 victims were claimed on the showcase site of the LockBit 2.0 franchise. This figure is lower than the reality. But to what extent? The examination of clues present in the source code of the showcase site sheds new light… on the level of activity of the franchise, but also on the percentage of victims who have potentially agreed to pay a ransom. Explanations.

Each victim has their own claim page on the LockBit 2.0 showcase site. Whether the data is already leaked or not, the source code for this page contains an index number corresponding to the resource of the stolen data – the  data-file-path value  in the capture below. For the first part of the data stolen from the Danish wind turbine specialist Vestas, this number was 947. For the most recent victim claimed at the time of this publication, the Italian Datalit, it is 1660. For Aquazzura, a claim from mid-July 2021, the number is 32.

Each page published on the showcase site of LockBit 2.0, therefore, its unique index number to find the associated data, even if these are not yet accessible to site visitors.

Read more of Valéry’s observation and clever research at LeMagIT.

About the author: Dissent

Comments are closed.