Exposed: How ransom gang Lockbit negotiates payments
Picture: ACS - Supplied
Article Excerpt:
Leaked chats reveal sordid playbook.
“Don't go to the police or the FBI for help and don't tell anyone that we attacked you.”
That’s how ransomware gang Lockbit greets its victims.
In ransom notes left on compromised systems, the Russia-linked group directs its targets to a “secret chat” link where it promises to restore their sensitive data – for a price.
“[The police] will forbid you from paying the ransom and will not help you in any way,” one note read.
-
Those who follow the link are ushered into private chatrooms where Lockbit operatives negotiate ransoms, provide file decryption instructions, and collect thousands in illicit cryptocurrency payments.
While Lockbit promises anonymity to its payers, a recent dark web data leak exposed the gang’s infrastructure – including Bitcoin wallet addresses, member credentials, and a trove of ransom chat logs.
Information Age reviewed 12 of these leaked chats and found Lockbit not only secured payments of up to $87,500, but ran its extortion operations with a surprisingly systematic, helpdesk-like approach.
Evan Vougdis, one of our Cyber Directors and Cyber Threat Intelligence Practice Lead provided comment in this article:
Speaking with Information Age, Evan Vougdis, cyber director at Sydney-based cybersecurity firm NSB Cyber, explains Lockbit’s focus on proving its decryption tool works could be a tactic to build up trust.
“Whilst it may be unusual to think about ‘client experience’ with respect to a ransomware negotiation, this is something that ransomware negotiators consider when providing advice to their clients,” he says.
“Simply put: Can I put trust in this ransomware group – to the extent you can trust a cybercriminal organisation – to do right by me as the victim?”
-
Vougdis tells Information Age most ransomware groups ultimately “will offer discounts” given their “primary motivation, in most cases, is a financial one”.
“If a demand is $1,000,000 and the victim is firmly only willing to pay half the amount, it is unlikely they will turn it down,” he says.
Indeed, Lockbit refuses to negotiate in just two of the 12 leaked chats, while some agents even use time-sensitive discounts as a pressure tactic to drive reckless, same-day payments.
Vougdis, who has been involved in other ransom negotiations on behalf of clients at NSB Cyber, says his company has seen a rolling average of 48.75 per cent discounts from initial ransom demands.
Source: Information Age - ACS - Tuesday 27 May 2025
Author: By Leonard Bernardone
Reference: Exposed: How ransom gang Lockbit negotiates payments