The other day I wrote about the complex world of ransomware – Initial Access Brokers, Affiliates, in-fighting and much more.

In a timely fashion, Lockbit have just released a poll to all affiliates on a set of new terms they want to implement, which allows us to see the inside world of affiliates and the money they can make.

The poll is in Russian, but using Google Translate, we get to see the message they have issued to all affiliates.

Lockbit's message to affiliates
Lockbit's translated message

As it currently stands, Lockbit doesn’t have much by way of rules – they have a code of conduct which regulates the types of victims they will allow, but nothing much more.

With the new poll, it looks like Lockbit want to start imposing rules around how much affiliates can ransom companies for, and how much of a cut of any ransom affiliates will be allowed to claim.

The main points of the proposed rules are as follows:

  1. No changes to the payment policy – payment options will remain “unregulated” and remain up to the affiliates, however,
  2. New rules which set the minimum ransom amount to be 3% of the victim's annual revenue with the option of a 50% discount for quick payment, bringing it down to 1.5% of annual revenue.
  3. Establish a new rule where affiliates can only grant a 50% discount of the original ransom price.
  4. Establish a new rule where they will not accept a payment below the victim's maximum ransomware insurance policy.
  5. Establish a new rule where they will accept a minimum payment of 50% of the victim's ransomware insurance policy.

Although the poll is still open, and no firm decisions have been made, one affiliate, National Hazard Agency, has already stated they will no longer accept ransoms below 3% of the victim's annual revenue, and they will immediately retaliate against any negotiator who approaches them with an offer of less than 3% of the company's revenue.

The retaliation will be complete destruction of company data.

National Hazard Agency message