Someone has leaked the latest version of LockBit’s encryptor to the internet, and while at first it might seem like a data breach and theft, the ransomware operator’s public representative claims it’s actually the work of a disgruntled developer.
A brand new Twitter account named Ali Qushji claimed their team hacked the servers of LockBit and found a builder for the LockBit 3.0 ransomware encryptor. Following the tweet, malware source code library VX-Underground chimed in, saying they were contacted by a user named “protonleaks” on September 10, with the same content.
The same source also said that LockBitSupp, the public representative of the LockBit operation, confirmed that this was not the work of a hacking group, but rather a disgruntled developer, unsatisfied with the ransomware operator’s leadership.
Upset with leadership
“We reached out to Lockbit ransomware group regarding this and discovered this leaker was a programmer employed by Lockbit ransomware group,” VX-Underground tweeted (and subsequently deleted the tweet). “They were upset with Lockbit leadership and leaked the builder.”
BleepingComputer has since confirmed the authenticity of the leak, stating it’s the LockBit 3.0 encryptor’s builder, codenamed LockBit Black, that was leaked. The version, that’s been in the testing phase for two months leading up to June, came with a number of new features, including anti-analysis, a ransomware bug bounty program, and new methods of extortion.
Leaking the builder doesn’t mean whoever gets infected with LockBit can now easily decrypt the hijacked data. Instead, it means that other threat actors can compile their own versions with ease, tweaking various configuration options, the ransom note, and other details. While that might hurt LockBit’s operations to some extent, it also means that organizations could soon be facing an even bigger number of ransomware strains.
This is not the first time an encryptor’s source code leaked online. At the start of Russia’s invasion on Ukraine, a hacker leaked Conti’s source code, a ransomware group that publicly supported the invasion at the time.
Via: BleepingComputer (opens in new tab)
Monica has a BA in Journalism and English from the University of Massachusetts and an MS in Journalism and Communications from Quinnipiac University. Monica has worked as a journalist for over 20 years covering all things entertainment. She has covered everything from San Diego Comic-Con, The SAG Awards, Academy Awards, and more. Monica has been published in Variety, Swagger Magazine, Emmy Magazine, CNN, AP, Hidden Remote, and more. For the past 10 years, she has added PR and marketing to her list of talents as the president of Prime Entertainment Publicity, LLC. Monica is ready for anything and is proudly obsessed with pop culture.