Self Assessment

Revealing the Ransom : Insights from Seized LockBit3’s Bitcoins

Published On : 2024-05-08
Share :
Revealing the Ransom : Insights from Seized LockBit3’s Bitcoins

During takedown actions against LockBit3, the UK’s National Crime Agency seized and traced 2,200 BTC from 500 wallets. These were fees collected over an 18-month period.

WE CAN USE THAT TO CALCULATE SOME INTERESTING NUMBERS TO GAIN INSIGHTS INTO RANSOMS PAID.

We know that LockBit lets their affiliates collect the ransom and only then do they send a 20% cut to LockBit. That means the total ransom paid was around 11,000 BTC.

Assuming the average price of BTC was $35,000 over the 18 months, the estimated total ransom paid by victims is 11,000 BTC x $35,000 = $385,000,000

Between 1st September 2022 and 1st March 2024, we have observed 1,499 LockBit victims. By dividing the estimated ransom by the number of victims we can calculate the estimated ransom per victim.

$385,000,000 / 1,499 = $256,838

The average ransom paid by LockBit victims.

We also know that LockBit is approximately 20% of all ransomware.

So, we can calculate

5 x $385,000,000 = $1,925,000,000

total estimated ransom paid around the world in the last 18 months.