LockBit ransomware operators are looking to recruit insiders from corporate companies to assist them with breaches and encryption of data. For those who accept, they are promising millions.

Ransomware groups don’t usually go this route when planning attacks, but if certain employees choose to accept, they’ll have instant access to many devices on the network. The developers of the ransomware often maintain leak sites, coordinate affiliates, and then sell the ransomware to said affiliates to carry out attacks while taking in a smaller percentage of the ransom.

Now, they’re avoiding paying out the affiliates while attempting to malware to those inside networks. In related news, a Conti affiliate recently outed Conti’s attack plan after they felt they were not paid properly for encrypting a victim network. This is all very suspicious considering threat actors can recruit cybercriminal talent from anywhere in the world.

LockBit’s recruiting pitch reads as follows, “Would you like to earn millions of dollars? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can communicate with us through the Tox messenger. https://*******/download.html Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, use ToxID: xxxx”

Insider threats pose massive risks to business because they already have access to everything threat actors look to gain. Close monitoring of your employees can be difficult if you’re looking to accomplish it through your internal team, but SpearTip’s services allow you to have protection from outside threats as well as those within your company. Suspicious activity can be investigated by our team easily and provide you with the answers you need to assess the situation properly.

Our Security Operations Center operates 24/7 to protect organizations from constant threats. Whether they’re potentially originating from inside your organization or if you want to bolster your security posture from outside threats, a Security Operations Center as a Service enables your organization to have a dedicated team of certified security engineers always watching over your networks.

Early detection of threats is crucial for quick response, so our engineers work in tandem with our proprietary endpoint detection response tool, ShadowSpear, to nix threats before they can harm your business. ShadowSpear provides a direct avenue of communication between our engineers and your business while displaying a customizable dashboard with live threat tracking.