Add this to your must-read list for the week (after you finish the Georgia indictment, of course, although to be honest, the ransomware diaries entry is more fascinating). Jon DiMaggio of Analyst1 writes:
In this volume of the Ransomware Diaries, I will share interesting, previously unknown details of the LockBit ransomware operation that LockBit has tried very hard to cover up. Until now, you have been lied to about LockBit’s true capability. Today, I will show you the actual current state of its criminal program and demonstrate with evidence-backed analysis that LockBit has several critical operational problems, which have gone unnoticed.
This time, besides using fake personas, I have spoken directly with the gang and many of its affiliate partners. I also reached out to victims. I learned what happens behind the scenes during the ransom negotiations and the relationships LockBit has with its affiliate partners and competing rival gangs. LockBit has secrets it does not want either party to know. Now, I look forward to sharing them with you!
Before I begin, I need to share a significant event that took place as I finalized this report. In August 2023, LockBit’s leadership vanished and was unreachable to fellow gang members, including its affiliate partners,
for the first two weeks of August. During that time, several of LockBit’s close associates shared concerns that the gang’s leadership was on the run or dead. Then, on August 13, LockBit reappeared on private channels as if it never happened. Still, during the time LockBit was gone, LockBits data leak site and infrastructure were up, but no one was actively managing it.
The question is: why? Fortunately, I have some answers.
Read more at Analyst1.com.