Updated on 2022-09-29: LockBit leak yielding results
Security researchers have spotted a new version of the Bloody ransomware that has been built on the recently-leaked LockBit ransomware builder. More here.
Read more in
Updated on 2022-09-28: Leaked Lockbit builder is in use
The Bl00dy ransomware group has become the first reported group that used the Lockbit 3.0 builder, which was leaked last week. It came to light after hackers used a new encryptor against a Ukrainian organization. It took a while for researchers to identify the ransomware involved in the attack as initial characteristics resembled Conti or LockBit.
Updated on 2022-09-27
The recently formed Bl00Dy ransomware group was found using the leaked builder for LockBit 3.0 in its attacks in the wild. Previously, the group had used leaked builders for Babuk and Conti. Read more: Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks
Updated on 2022-09-23: LockBit ransomware builder leaks online
The builder for the LockBit 3.0 ransomware strain was leaked online and has been widely shared over the past few days. The builder leak was initially advertised as a hack of the LockBit ransomware gang servers, but the leak was later also attributed to an intentional leak by one of LockBit’s former programmers in a gesture of revenge against their former employer.
Unknown person @ali_qushji said his team has hacked the LockBit servers and found the possible builder of LockBit Black (3.0) Ransomware. You can check it on the GitHub repository https://t.co/wkaTaGA8y7 pic.twitter.com/cPSYipyIgs
— 3xp0rt (@3xp0rtblog) September 21, 2022
As was the case of other core ransomware tools that leaked in the past, such as the Babuk and Conti source code, security experts now expect that numerous low-level threat actors will adopt the highly advanced LockBit builder for their own operations going forward. A technical analysis of the LockBit builder is also available here, and the builder itself is available on GitHub.
Read more in
- LockBit3.0 Leak
- Quick Overview of Leaked LockBit 3.0 (Black) builder program
- A TECHNICAL ANALYSIS OF THE LEAKED LOCKBIT 3.0 BUILDER
An angry developer leaked the builder for LockBit Black (version 3.0) on Twitter. The builder enables anyone to rapidly build the executables necessary for launching a ransomware operation. Read more: LockBit ransomware builder leaked online by “angry developer”