LockBit 3.0 Ransomware Variants Surge Post Builder Leak
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations.
In an advisory published last Friday, Kaspersky researchers Eduardo Ovalle and Francesco Figurelli provided insights into the consequences of this breach, shedding light on the array of LockBit 3.0 derivatives.
LockBit 3.0, also known as LockBit Black, first emerged in June 2022 and posed challenges for security analysts and automated defense systems due to its encrypted executables, random passwords and undocumented Windows functions.
In September 2022, an uncontrolled leak of the LockBit 3.0 builder surfaced, enabling cyber-criminals to create tailored ransomware strains. Two versions of the builder appeared, each with slight variations. Subsequently, attacks utilizing these customized LockBit variants increased, deviating from the usual LockBit operations in aspects like ransom notes and communication channels.
Kaspersky’s GERT team conducted an in-depth analysis of the leaked builder. The team examined the builder’s underlying architecture, shedding light on its construction methodology, encryption techniques and configuration parameters.
Through this investigation, the team was able to unravel the complexities of the builder’s design, gaining insights into how it assembles the ransomware strains, secures its payload and configures various parameters that govern its behavior.
“Suddenly, not only is the barrier to entry for the LockBit group removed, but a good deal of their weaponized techniques, tactics and procedures (TTPs) have been exposed,” commented Colin Little, security engineer with threat intelligence provider Centripetal.
“Law enforcement now has a lot of comparative data which will be used to close in around the LockBit group. This will also help cyber defenders prevent infiltration around the LockBit and affiliate TTPs.”