28 September 2022

Leaked LockBit 3.0 builder is already being used in ransomware attacks

Although only a week has passed since the newest LockBit 3.0 ransomware builder was leaked online, security researchers are already detecting attacks using ransomware created with this tool.

The builder includes a configuration file that can easily be customized to use different ransom notes, statistics servers, and features, allowing anyone to create their own ransomware.

Cybersecurity researcher Vladislav Radetskiy has shared details of a recent Bl00Dy Ransomware Gang attack against a Ukrainian entity that used an encryptor built with the recently released LockBit 3.0 builder. Bl00Dy Ransomware Gang is a relatively new operation, first spotted in May 2022 when it attacked a group of medical and dental practices in New York.

Like other ransomware operations, Bl00Dy Ransomware Gang compromises corporate networks, steals data and encrypts devices. To extort victims and leak stolen data, the threat actors use Telegram channels. The group does not appear to develop its own ransomware, but rather relies on previously leaked ransomware builders.

The analysis of the Bl00Dy Ransomware Gang’s encryptor conducted by tech news site BleepingComputer revealed some differences between the new encryptor and those used in the previous attacks.

“In past campaigns, the threat actors added the .bl00dy extension for encrypted files. However, as this is not a customizable option in the LockBit 3.0 builder, the threat actors are left using extensions determined when the encryptor is built,” according to BleepingComputer.

“As LockBit 3.0 is one of the more advanced, feature-rich ransomware operations at this time, we should expect other threat actors to launch new operations using the leaked builder,” the experts added.
