Once LockBit has encrypted a site and stolen its data, the group posts a payment request with a countdown on its leak page on the dark web. If you don't pay, you can download data there. A lot of companies don't pay.
Many attacked companies are listed on the LockBit leak page. Current ransom payment deadlines are marked in red. If an ultimatum has expired and it has not been paid, LockBit will color the entry for the published data green. Information on 2022 attacked companies can currently be found on the leak page from July to December 364. Only a few of them are colored red. This means that almost 6 companies have refused to pay in about 350 months and have therefore not donated any money for further attacks.
How many companies pay to LockBit?
Of course, only LockBit knows an exact number of how many companies pay LockBit. But of course the ransomware group does not reveal these numbers. But you can make a thesis based on a few existing numbers: ihe company Malwarebytes publishes a list of the most well-known ransomware groups every month – including LockBit. Based on these numbers, Malwarebytes reported 335 known ransomware attacks by LockBit between July and October. LockBit's leak page has 208 entries for unpaid ransoms at this time. According to this very bold estimate, almost 130 victims paid a ransom. So almost 40 percent of the victims.
LockBit is extorting millions
How much money LockBit really makes can only be estimated. Extortion amounts range from a few thousand dollars to several million dollars. The currently most well-known victim is Continental, which did not pay the ransom. First, the LockBit group demanded 50 million from Continental, now it's only 40 million dollars for 40 terabytes of data.
Congratulations to the companies that don't pay the ransom. Because they have not financed any further attack - maybe even against themselves. What's more: many victims who have paid once often pay a second time. If you want to know something about the technical background of the LockBit ransomware, you can get information from Kaspersky.
Editor/sel