LockBit 2.0 ransomware group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. The new LockBit 2.0 ransomware was discovered last month.

The recruitment of corporate insiders

Recruiting corporate insiders, which are essentially employees of an organization, is one of LockBit’s first initiatives.
  • Hackers are placing their offers for corporate insiders on the Windows wallpaper saved on encrypted devices of the victims. 
  • The advertisement claims to offer millions of dollars to insiders having access to internal accounts.
  • The text in the wallpaper has contact information redacted, mentioning that LockBit operators are looking out for VPN, RDP, and corporate email credentials to obtain or gain access to the network.
  • The ransomware gang stated that it will send the insider a virus that should be run on a computer. This virus could allow the gang remote access to the network.

Recent insider activities

However, there are multiple instances in recent months, where insiders or employees of a firm pose a security threat.
  • Recently, an internal Google document revealed that Google fired multiple employees between 2018 and 2020 for misusing their access to the company's tools or data and accessing user or employee data.  
  • In May, an FBI employee was charged with stealing classified documents and then took them home. The incident happened between 2004 and 2017 and steal information related to the FBI.


People being hired from all over the world and paid handsomely to meet the ultimate malicious intent of the threat actors is a developing trend. The recent finding indicates the LockBit gang probably wants to remove the middleman hackers for companies’ login credentials. Moreover, offers of millions of dollars to insiders could prove fatal for organizations if worked out in favor of criminals.

Cyware Publisher