According to the malware operator LockBit, he was forced to commit cybercrimes due to the lack of job where his abilities would be appreciated.
The specialists of the information security company Cisco Talos managed to talk to the operator of the ransomware LockBit, who carried out all the malicious operations alone. The hacker talked about his modus operandi (victims, tools, etc.) and what pushed him on the path of cybercrime. In addition, he spoke about the plight of a security researcher in his home country, which, according to Cisco Talos, is Russia.’
In an interview, LockBit operator, who identified himself as Alex (according to Cisco Talos, he lives in Siberia and is in his thirties), said that he is a self-taught researcher specializing in penetration testing, network security and intelligence.
While still a student, Alex got a job at an IT company, but was quickly disappointed, as he felt that “the Russian cyber industry did not properly appreciate” his abilities.
“His disappointment became apparent when, during our conversations, he disparaged several prominent Russian cybersecurity companies. He also remarked that “in the West, I could probably work white and make money easily …” suggesting that it was the underestimation of his abilities and low wages that drove him to engage in unethical and criminal activities”, — according to the Cisco Talos report.
Alex even gave several examples of such “underestimation” – the refusal to accept his reports on security problems on several sites, including the Russian social network. His “good intentions were ignored,” Alex said, which pushed him onto the path of cybercrime.
Finding vulnerabilities and participating in bug bounty programs Alex also considers disastrous, as companies are doing everything possible to avoid paying researchers. But Cisco Talos experts are sure that the young man is mistaken, because his statement does not match the results of their observations. Most likely, he just listened to the untrue stories of other cybercriminals.
It is noteworthy that Alex’s decision to become a ransomware operator was motivated not only by the desire for financial gain. Although cyber ransomware is indeed profitable, the young man also wanted to show companies why poor data security is risky.
As Alex noted, “Russia is the best country for cybercriminals,” and the best victims are companies in the US and Europe, which pay “faster and more” than companies in the post-Soviet space. The fact is that in the case of Western companies, the payments to the ransomware operators are covered by insurance. In addition, victims in Europe are afraid of their data being leaked due to the fines it faces under the General Data Protection Regulation (GDPR).
Cybercriminals often tend to justify their actions after the fact, even if there was no real moral ambiguity in the crime.
“In this case, he (Alex – ed.) was pushed onto the path of cybercrime by the lack of work that would meet his needs. Underestimation of ability, resentment and lack of economic incentive are often the reasons for pushing the path of cybercrime, and this story is a shining example”, – concluded the experts.
Let me remind you that I also talked about Matryosh malware that attacks Android devices via ADB.
