LockBit 3.0 Ransomware Variants Surge Post Builder Leak
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations.
In an advisory published last Friday, Kaspersky researchers Eduardo Ovalle and Francesco Figurelli detailed the consequences of this leak and shed light on the array of LockBit 3.0 derivatives.
LockBit 3.0, also known as LockBit Black, first emerged in June 2022 and posed challenges for security analysts and automated defense systems due to its encrypted executables, random passwords and undocumented Windows functions.
In September 2022, an uncontrolled leak of the LockBit 3.0 builder surfaced, enabling cyber-criminals to create tailored ransomware strains. Two versions of the builder appeared, each with slight variations. Subsequently, attacks using these customized LockBit variants increased; they deviated from the usual LockBit operations in aspects such as ransom notes and communication channels.
Kaspersky’s GERT team conducted an in-depth analysis of the leaked builder. The team examined the builder’s underlying architecture, shedding light on its construction methodology, encryption techniques and configuration parameters.
Through this investigation, the team was able to unravel the complexities of the builder’s design, gaining insights into how it assembles the ransomware strains, secures its payload and configures various parameters that govern its behavior.
“Suddenly, not only is the barrier to entry for the LockBit group removed, but a good deal of their weaponized techniques, tactics and procedures (TTPs) have been exposed,” commented Colin Little, security engineer with threat intelligence provider Centripetal.
“Law enforcement now has a lot of comparative data which will be used to close in around the LockBit group. This will also help cyber defenders prevent infiltration around the LockBit and affiliate TTPs.”