October 10, 2023

CDW, a $20 billion IT reseller, has refused to pay LockBit’s ransom demands, prompting the cybercrime gang to threaten to leak the company’s stolen data.

LockBit spokesperson LockBitSupp told The Register that the company offered a “ridiculous” amount of money, which “insulted the crooks.”

“As soon as the timer runs out you will be able to see all the information,” LockBitSupp said. “The negotiations are over and are no longer in progress.”

The countdown timer on LockBit’s victim blog shows that CDW’s data is scheduled to be published on October 11. CDW has not yet commented on the incident, which appears to have been ongoing since at least September 3.

Cybersecurity experts warn that ransomware groups are ramping up their tactics in forcing victims to pay quickly. They say that posting a company to a victim blog multiple times is a known aggressive tactic adopted by ransomware groups to hurry negotiations.

The U.K. National Cyber Security Centre (NCSC) has a longstanding stance against paying ransoms to cybercriminals, citing research that shows less than half of businesses paying ransoms recover all of their data.

Experts also note that LockBit has a history of using pressure tactics and engaging in strange behavior. For example, the group has been accused of orchestrating “fake” ransomware attacks and posting false information on its website.**

It is unclear what data LockBit stole from CDW or how the group breached the company’s network. However, experts say that the leak, if it occurs, could have a significant impact on CDW’s customers and partners.

The sources for this piece include an article in TheRegister.