Cyber Crime Junkies
Cyber Crime Junkies

Understanding Ransomware Gangs: Key Information

April 17, 2026

AI Summary

5 min read

Cybercrime investigator John DiMaggio joins the podcast to detail Lockbit, one of the world's most prolific ransomware gangs, based on his undercover research into their operations, internal communications, and recent setbacks. He explains how Lockbit functions as a ransomware-as-a-service (RaaS) provider and uncovers flaws that have eroded its reputation among affiliates and victims.

Lockbit's RaaS Model

Lockbit operates like a business with around 100 core employees who develop ransomware tools and maintain infrastructure on the dark web. They do not hack victims themselves but recruit affiliates—independent "digital mercenaries"—who infiltrate networks, steal data, encrypt systems, and negotiate ransoms. Affiliates keep most proceeds after paying Lockbit a generous share, often described as "buy an island" money.

The platform is user-friendly: affiliates upload stolen data via a point-and-click interface, which generates a victim page with a countdown timer threatening data release if unpaid. Affiliates handle collections through decentralized channels, while Lockbit provides support like decryption keys. This model exploded after Lockbit 3.0 launched in June 2022, doubling attacks and building a four-year reputation for reliably posting data.

Continue reading the full summary in the app — free to try.

Read Full Summary →

Free • No credit card required

Listen to Audio Summary Open in App

What you'll learn

  • 1 (00:00) **Intro to Lockbit Ransomware Gang** - Host introduces episode with investigator John DiMaggio on Lockbit's operations and recent FBI disruptions
  • 2 (04:01) **Lockbit High-Level Overview** - DiMaggio explains Lockbit as top ransomware gang seen frequently in dark web breaches
  • 3 (05:02) **Lockbit's Core Problems Exposed** - DiMaggio details 70-page research on Lockbit lying to partners and failing to post victim data
  • 4 (06:31) **Lockbit Business Model Defined** - Core gang develops ransomware; hires affiliates as mercenaries who hack, steal data, negotiate ransoms
  • 5 (08:21) **Failure to Deliver on Data Posting Threats** - Lockbit's leak site is mostly a prop; victims rarely see actual data dumps despite timers
  • 6 (09:12) **Backend Communication Breakdowns** - Affiliates face week-long delays via Tox app; poor "customer service" frustrates high-stakes operations
  • 7 (10:20) **Infrastructure Update as Facade** - Post-update, sites show fake "buy data" options or broken links instead of posting

+ Full timestamped outline available in the app

Show Notes

David Mauro interviews Jon DiMaggio, a well-respected cybercrime investigator, delving into Understanding Ransomware Gangs: Key Information. Including the operations of LockBit, once the Top ransomware gang and now a Cyber Crime Gang Exposed. We discuss the Ransomware Take Down of #Lockbit, and how Jon’s research led to cyber criminals exposed on #cybercrimejunkies.

#lockbit #ransomware #cybercrime

Questions? Text our Studio direct. We read these and when helpful we give a special shout out for those to contact us.

New non-fiction Book Series is out! 

Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out at [email protected] or find more at www.NETGAINIT.com  
 

New non-fiction Book Series is out! 

Support the show

New Exclusive Offers for our Listeners!

New non-fiction Book Series is out! 

🔥 4 years. 400+ interviews. Available on Amazon. We are all Stevie Parker. 

Remove Your Data Online Today. Consider OPTERY Risk Free. Sign up here https://get.optery.com/DMauro-CyberCrimeJunkies

Or Turn it over to the Pros at DELETE ME and get 20% Off! Remove your data with 24/7 data broker monitoring. 🔥