2 min read

Disgruntled Developer Leaks LockBit Ransomware Builder Online


September 22, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Disgruntled Developer Leaks LockBit Ransomware Builder Online

The infamous LockBit ransomware operation recently took a hit when an angry developer seemingly leaked the latest version of the gang’s encryptor online.

In June, the cybercrime gang launched the third iteration of its service, version 3.0 (dubbed LockBit Black), after two months of beta testing. LockBit’s ransomware-as-a-service (RaaS) operation’s overhaul implemented several features, including new extortion tactics, Zcash crypto payment options, and the first ransomware bug bounty program.

Yesterday, a tweet from a new account disclosed that an unidentified team “managed to hack several LockBit servers” and “builder LockBit 3.0 was found on one of the servers.” The announcement included a link to a protected file and a password to unlock it.

Security researcher 3xp0rt reported the incident in a tweet, stating that “Ali Qushji,” the alleged author of the hack, might’ve found the LockBit Black (3.0) ransomware builder. The researcher also retrieved the protected file and made it publicly available on their GitHub repository.

In response to 3xp0rt’s announcement on Twitter, VX-Underground said they also received a copy of the builder on Sept. 10 from a user named “protonleaks,” as Bleeping Computer reports. Furthermore, VX-Underground disclosed that they contacted a LockBit representative for clarification, who said the leaker was a “programmer employed by Lockbit ransomware group,” putting to rest rumors the organization had been hacked.

3xp0rt’s tweet included a few screenshots depicting a snippet of the original, no-longer-available tweet, the contents of the LockBit archive, and a preview of a JSON configuration file.

The leaked builder archive comprises four files: a builder, a customizable configuration JSON file, an encryption key generator, and an automated BAT script that generates all the files needed to run a ransomware campaign.

While the leaked builder could be of tremendous help to researchers developing decryption tools, it might also trigger a spike in ransomware attacks launched by independent hackers, now able to build their own version of the malicious tool.

Specialized software solutions like Bitdefender Ultimate Security can keep you safe against cyberthreats thanks to its extensive library of features, including:

  • Real-time protection against worms, Trojans, viruses, ransomware, rootkits, zero-day exploits, spyware, and other e-threats
  • Behavioral detection module that closely monitors active apps and takes instant action upon detecting suspicious activity
  • Multi-layer ransomware protection that keeps documents and multimedia files safe against ransomware attacks




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like