LockBit’s dirty little secret: ransomware gang is failing to publish victims’ data

According to a fascinating report by Jon DiMaggio of Analyst1, who spent a year undercover gathering intelligence on the LockBit group, the ransomware gang is trying to cover up “the fact it often cannot consistently publish stolen data.”

And that’s obviously a problem for a cybercriminal gang which is using the threat of publishing exfiltrated data as its primary lever for extorting a ransom from its victims.

DiMaggio claims that the problem “is due to limitations in [LockBit’s] backend infrastructure and available bandwidth.”

“LockBit recently updated its infrastructure to address these deficiencies. However, this is a gimmick to make it appear that it corrected the previously mentioned problem with posting victim data. It claims victims’ “FILES ARE PUBLISHED”. Often, this is a lie and a ploy to cover up the fact that LockBit cannot consistently host and publish large amounts of victim data through its admin panel, as promised to its affiliate partners. Further, over the past six months, LockBit has presented empty threats it failed to act upon after many victims refused to pay. Yet, somehow, no one has noticed.”

I guess if you steal a huge amount of data from many companies you have to ensure that you have the storage space and server infrastructure to leak it to the world.

As a result of these and other issues (DiMaggio says a deadline to release an updated version of the ransomware has been missed, for instance), the group’s reputation has been tarnished and some of LockBit’s top affiliates have left for other ransomware groups in recent months.

My guess is that companies might be a lot less inclined to pay a ransom if they believed it was less likely that their stolen data was actually going to be published…

It will be interesting to see if LockBit can address its infrastructure issue – perhaps by offering the data it has stolen from victimised companies via torrents instead.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “LockBit’s dirty little secret: ransomware gang is failing to publish victims’ data”

  1. Adrian

    No need to publish this, but
    typo. "ranasomware"
