2 min read

Disgruntled Developer Leaks LockBit Ransomware Builder Online

Vlad CONSTANTINESCU

September 22, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Disgruntled Developer Leaks LockBit Ransomware Builder Online

The infamous LockBit ransomware operation recently took a hit when an angry developer seemingly leaked the latest version of the gang’s encryptor online.

In June, the cybercrime gang launched the third iteration of its service, version 3.0 (dubbed LockBit Black), after two months of beta testing. LockBit’s ransomware-as-a-service (RaaS) operation’s overhaul implemented several features, including new extortion tactics, Zcash crypto payment options, and the first ransomware bug bounty program.

Yesterday, a tweet from a new account disclosed that an unidentified team “managed to hack several LockBit servers” and “builder LockBit 3.0 was found on one of the servers.” The announcement included a link to a protected file and a password to unlock it.

Security researcher 3xp0rt reported the incident in a tweet, stating that “Ali Qushji,” the alleged author of the hack, might’ve found the LockBit Black (3.0) ransomware builder. The researcher also retrieved the protected file and made it publicly available on their GitHub repository.

In response to 3xp0rt’s announcement on Twitter, VX-Underground said they also received a copy of the builder on Sept. 10 from a user named “protonleaks,” as Bleeping Computer reports. Furthermore, VX-Underground disclosed that they contacted a LockBit representative for clarification, who said the leaker was a “programmer employed by Lockbit ransomware group,” putting to rest rumors the organization had been hacked.

3xp0rt’s tweet included a few screenshots depicting a snippet of the original, no-longer-available tweet, the contents of the LockBit archive, and a preview of a JSON configuration file.

The leaked builder archive comprises four files: a builder, a customizable configuration JSON file, an encryption key generator, and an automated BAT script that generates all the files needed to run a ransomware campaign.

While the leaked builder could be of tremendous help to researchers developing decryption tools, it might also trigger a spike in ransomware attacks launched by independent hackers, now able to build their own version of the malicious tool.


Specialized software solutions like Bitdefender Ultimate Security can keep you safe against cyberthreats thanks to its extensive library of features, including:

  • Real-time protection against worms, Trojans, viruses, ransomware, rootkits, zero-day exploits, spyware, and other e-threats
  • Behavioral detection module that closely monitors active apps and takes instant action upon detecting suspicious activity
  • Multi-layer ransomware protection that keeps documents and multimedia files safe against ransomware attacks

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142 Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142
Vlad CONSTANTINESCU

November 25, 2022

1 min read
975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud 975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud
Filip TRUȚĂ

November 25, 2022

2 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read