Ransomware Roundup: LockBit, Payment Bans, and Trends
August 23, 2023 at 10 am PT / 1 pm ET
On Wednesday, August 23 at 10 am PT / 1 pm ET, IST adjunct advisors and members of the Ransomware Task Force, Jen Ellis, Marc Rogers, Jason Kikta, and Silas Cutler hosted a popup webinar on the latest ransomware news.
Lots has been going on in the world of ransomware.
Jon DiMaggio published a report this month on LockBit that suggests the once aggressive ransomware gang is faltering: failing to publish and leak victim data, losing affiliates, and even possibly dealing with compromised infrastructure. What should we make of this news? Is LockBit truly out, and what does this mean for the larger ransomware ecosystem?
Meanwhile, discussion around ransomware payment bans continues to proliferate, with the U.S. and Australia both reportedly considering a ban. As Anne Neuberger suggested during IST’s May Ransomware Task Force anniversary event, a ban might include a waiver that could allow the entity to pay if they are delivering critical services. How might such a waiver be carried out in practice? And would it even be feasible? After all, according to stats from ecrime.ch, 1,299 known victims have been hit by a ransomware attack in the United States between January 1 and August 15. But counting all of the federal work days up to August 15, waiver adjudication would have needed to process an average of 8.3 victims per day–not considering attack ebbs and flows, which may further complicate the process.
Lastly, the Ransomware Task Force published its May 2023 progress report, citing significant change across the ransomware landscape. What has been happening in the months since? What should we make of the reports of ransomware on the rise?