ADVERTISEMENT

Ransomware’s hidden secret: affiliates are incompetent morons that will betray on first chance

When targeting their victims, ransomware affiliates analyze cyber insurance policies to calibrate ransom demands and demonstrate industrial and regional biases. They are not loyal to their ransomware service operator, and often fail to restore files, even when paid, LockBit leak reveals.

ransomware affiliates

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Jun 14, 2025 Updated: 16 June 2025 4 min read
Key takeaways:
Anna-Zhadan justinasv Stefanie Paulina Okunyte
Be the first to know and get our latest stories on Google News
Add us as your Preferred Source on Google.

Affiliates often are ‘newbies’

lockbit
Image by Cybernews

Affiliates fail to restore data, even if they want to

“Some affiliates are either unable or unwilling to provide reliable decryption or support, undermining trust in their own extortion model,”
the researcher concludes.
ADVERTISEMENT

Loyalty is optional

“Ransomware affiliates operating under LockBit 4.0 demonstrated that even a small number of successful attacks can generate substantial financial returns, both for the affiliates and for the LockBit administrators,”
researchers said.

A single ransom brings a fortune

Medusa Ransomware
Image by Cybernews.
ADVERTISEMENT