The following interview, which we publish in full, was conducted in December 2024 by Erez, a member of the deepdarkCTI community.

Q (Erez): Lockbit has been one of the most resilient ransomware groups despite
numerous disruptions. How do you maintain operational secrecy and continuity in the face of global law enforcement efforts like Operation Cronos?
A (Lockbit): To stay elusive, all you need to do is launder Bitcoin and avoid searching for anything criminal on your iPhone. That’s the whole secret.

Q (Erez): With the rise of competing groups like Ransomhub and reports of affiliates defecting, how does Lockbit plan to retain its affiliates and ensure loyalty in such a competitive cybercriminal ecosystem?
A (Lockbit): I don’t plan to retain anyone—everyone works where they want. However, my advantages over competitors are:

1. I will never scam my affiliates because I have hundreds of millions of dollars,
   while competitors often run away with money once they see a big sum.
2. My decryptors are now absolutely invulnerable due to my vast experience
   fighting the FBI, whereas competitors could have the FBI sitting in their systems for years.
3. I cannot be intimidated, which means my business remains stable, and my
   affiliates know I will never abandon them.
4. Only in my affiliate program is it now allowed to attack any critical infrastructure, healthcare institutions, or military targets—there are no restrictions. Competitors have these restrictions. In general, the more competition, the better; without it, there’s no progress.
5. I use modern encryption algorithms that competitors don’t have.
6. I have unlimited budgets for developing new software.

Q (Erez): Your Ransomware-as-a-Service (RaaS) model has been widely discussed. What measures do you take to vet potential affiliates and ensure they align with Lockbit’s strategic goals?
A (Lockbit): Now, anyone can access a Ransomware panel and start working within five minutes after paying a symbolic fee of $777. Those who prove themselves as experienced pentesters will gain access to a more advanced and functional Ransomware panel.

Q (Erez): Speaking about Cronos—the NCA’s operation claimed significant disruption to your group’s infrastructure. Can you shed light on the actual impact of this operation on Lockbit’s operations and future plans?
A (Lockbit): If we talk about the cost of replacing two compromised servers, the “serious” damage amounted to $2,000—I simply bought new servers the next day and continued working.
As for lost profits, maybe there was some, but I can’t measure it, so I don’t know how serious it was. If we consider that, thanks to sanctions imposed on someone I don’t even know, the FBI forced me to lift all restrictions on critical infrastructure attacks, introduce automatic registration for anyone willing to pay $777, and further decentralize operations—then the NCA should think about what their attack really achieved. Time will tell.

Q (Erez): Lockbit 4.0 marked a significant evolution in your ransomware’s capabilities. What drove the decision to release this new version, and what do you see as its main innovations compared to previous iterations?
A (Lockbit): Version 4.0 focused on security and making free decryption absolutely impossible. No competitor has anything similar.

Q (Erez): The arrest of one of your core members in Israel was a high-profile event. How has this impacted your leadership and the morale of your other group’s members? Do you have plans to adapt your operational structure in light of this?
A (Lockbit): I don’t know this person personally. My employees don’t tell me where they live or what their real names are. In my team, programmers constantly rotate—whenever one leaves or disappears, another, even more skilled programmer, takes their place. That’s just how our work operates—programmers lack OPSEC.

Q (Erez): With advancements in artificial intelligence, there are concerns about its misuse in crafting more sophisticated ransomware attacks. Has Lockbit explored or implemented AI in its operations, such as automated phishing campaigns, adaptive encryption, or advanced detection evasion tactics?
A (Lockbit): No.

Q (Erez): With the rise of ransomware fatigue and victims becoming less willing to pay, coupled with heightened global scrutiny, how do you see the ransomware landscape evolving in the next few years? Will Lockbit continue to adapt, or are alternative cybercrime models being considered?
A (Lockbit): We will continue working the classic way, just as we always have.

Q (Erez): Every individual, even those in unconventional paths, draws inspiration from somewhere. Is there a particular book, person, or movie that has shaped your worldview or influenced your approach to leading Lockbit?
A (Lockbit): Yes, the Director of the FBI. Whenever I write responses to interviews, I look at his photo—I printed out his portrait and hung it on my wall. He inspires me to work. He wants to destroy me, and I want him to have a job—so I continue my activities for him.

Q (Erez): Do you have any final words or messages you’d like to share with my
followers (35k)—whether it’s advice, a challenge, or something else?
A (Lockbit): I want to ask your followers—where are you? Why aren’t you
subscribed to my channel? hxxps[:]//t[.]me/foxwmapt

And of course:
“Want a Lamborghini, a Ferrari, and lots of titty girls? Sign up and start your
pentester billionaire journey in 5 minutes with us.”