What is the actual level of LockBit's buyout economy?
Over the past 1.5 years, the LockBit group has received more than $125 million. in the form of buybacks, as shown by the analysis of hundreds of cryptocurrency wallets associated with the group's operations.
According to a press release from the National Crime Agency of Great Britain (NCA), during the Cronos operation aimed at ransomware, more than 500 active crypto wallets were identified, to which more than 2,437 BTC (more than $125 million at the current exchange rate) were transferred from July 2022 to February 2024.
At the same time, more than 2,200 BTC (more than $110 million) remained unspent at the time of LockBit's termination. Unspent funds represent the amount of ransom payments made by victims and payments made by the LockBit group itself, including a 20% commission paid to partners using the RAAS model (Ransomware-as-a-Service).
The NCA also reported that the LockBit infrastructure takeover led to the discovery of 85 accounts on cryptocurrency exchanges with assets worth hundreds of thousands of dollars, which are now blocked by Binance.
The data for analysis were taken only for the 18-month period of the group's activity. Considering the confirmed LockBit attacks over 4 years of operation (more than 2,000 victims), the total impact is estimated at several billion dollars.
It is estimated that the average amount of ransom required was about $1.5 million. Given the number of victims of the group, the ransom amount in some cases could indeed be in the billions of dollars. It is worth noting that the proportion of victims who actually pay the ransom remains a matter of debate and varies in different reports.
Earlier, we reported that as part of the international operation Kronos, which began on February 19 , at least 3 LockBit accomplices were arrested in Poland and Ukraine. The arrests followed the dismantling of LockBit's dark web infrastructure, which is used by the group to threaten its victims and publish stolen data in case of non-payment of ransom. During the operation, at least 200 cryptocurrency accounts were seized and 34 servers were disabled in various countries, including the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.
LockBit, which has been operating since 2019, has become the most active ransomware group in the world, with almost 2,300 attacks. The group is known for attacking medical facilities, including Canada's largest children's hospital and the medical system in Pennsylvania and New Jersey.
Over the past 1.5 years, the LockBit group has received more than $125 million. in the form of buybacks, as shown by the analysis of hundreds of cryptocurrency wallets associated with the group's operations.
According to a press release from the National Crime Agency of Great Britain (NCA), during the Cronos operation aimed at ransomware, more than 500 active crypto wallets were identified, to which more than 2,437 BTC (more than $125 million at the current exchange rate) were transferred from July 2022 to February 2024.
At the same time, more than 2,200 BTC (more than $110 million) remained unspent at the time of LockBit's termination. Unspent funds represent the amount of ransom payments made by victims and payments made by the LockBit group itself, including a 20% commission paid to partners using the RAAS model (Ransomware-as-a-Service).
The NCA also reported that the LockBit infrastructure takeover led to the discovery of 85 accounts on cryptocurrency exchanges with assets worth hundreds of thousands of dollars, which are now blocked by Binance.
The data for analysis were taken only for the 18-month period of the group's activity. Considering the confirmed LockBit attacks over 4 years of operation (more than 2,000 victims), the total impact is estimated at several billion dollars.
It is estimated that the average amount of ransom required was about $1.5 million. Given the number of victims of the group, the ransom amount in some cases could indeed be in the billions of dollars. It is worth noting that the proportion of victims who actually pay the ransom remains a matter of debate and varies in different reports.
Earlier, we reported that as part of the international operation Kronos, which began on February 19 , at least 3 LockBit accomplices were arrested in Poland and Ukraine. The arrests followed the dismantling of LockBit's dark web infrastructure, which is used by the group to threaten its victims and publish stolen data in case of non-payment of ransom. During the operation, at least 200 cryptocurrency accounts were seized and 34 servers were disabled in various countries, including the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.
LockBit, which has been operating since 2019, has become the most active ransomware group in the world, with almost 2,300 attacks. The group is known for attacking medical facilities, including Canada's largest children's hospital and the medical system in Pennsylvania and New Jersey.
