LockBit retained victim data after receiving ransom payment, NCA reveals
Despite getting ransom payment and assuring to delete data, ransomware gang LockBit retained victims’ personal data.
In the takedown of LockBit, described as ‘the most prolific and harmful ransomware group’ by Graeme Biggar, director general of Britain’s National Crime Agency (NCA), it was revealed that the gang retained data even after receiving and promising to delete a ransom payment from victims. The NCA claimed this was evidence “that even when a ransom is paid, it does not guarantee that data will be deleted, despite what the criminals have promised.”
LockBit has been known to infiltrate victim’s computer networks by encrypting their devices, stealing data, and then demanding a ransom payment to provide a decryption key and to delete the data. NCA plans to reveal further information about the gang, including administrator LockbitSupp and the gang’s finances they have discovered after the takedown.
Ransomware is a growing global issue and as per Bigger, “ransomware threat is significant, and 2023 was the highest number of attacks and the most money taken.” Bigger added that “LockBit may seek to rebuild their criminal enterprise. However, we know who they are and how they operate. We are tenacious and will not stop trying to target this group and anyone associated with them.”
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.