The LockBit ransomware gang seems to be facing an internal conflict: one of its developers allegedly leaked the LockBit builder after the release of the latest version, 3.0. The new version was codenamed ‘LockBit Black’ and carried high hopes among the hackers, as several parties claimed that 3.0 would “Make Ransomware Great Again.”
Despite the high expectations, one of the developers was not convinced by the hype and leaked the builder on the internet. According to sources, the new ransomware variant had an anti-analysis feature that could conceal its operations and was packed with many new features and extortion methods.
LockBit 3.0 builder leaked
Unknown person @ali_qushji said his team has hacked the LockBit servers and found the possible builder of LockBit Black (3.0) Ransomware. You can check it on the GitHub repository https://t.co/wkaTaGA8y7 pic.twitter.com/cPSYipyIgs
— 3xp0rt (@3xp0rtblog) September 21, 2022
According to the cybersecurity researcher 3xp0rt, a Twitter user named “Ali Qushji” claimed responsibility for the release of the builder. The user's team also stated that they had hacked into the LockBit operation and obtained the LockBit 3.0 ransomware encryptor, which they released on the internet.
Despite this claim, many other players have also come forward claiming to have leaked the builder. According to VX-Underground, another user named ‘protonleaks’ also shared a copy of the leaked builder on September 10, 2022.
The story took an interesting turn when the spokesperson for the LockBit operation stated that none of the claims were “true” and that an aggrieved LockBit developer was behind the leak of the ransomware builder. According to sources, the developer was upset with the LockBit leadership and leaked the builder in retaliation against the operation.
How can the LockBit 3.0 builder leak impact organizations?
LockBit ransomware is a popular malware created to block access to a system by encrypting it, and it is also capable of stealing sensitive information from directories and networks. It is one of the most capable self-spreading malware families and can cut off a user’s access to system files and documents.
In most cases, the victims are forced to pay a ransom in exchange for the decryption of their data. In some instances, however, the threat actors demand large ransoms and threaten to release or delete confidential files on the victim’s computer.
The LockBit operation previously worked as a centralized hierarchy. The leak damaged the ransomware gang and created the possibility of other threat actors using the LockBit builder to build their own malware versions. This would ultimately be catastrophic for enterprises, because they would see a rise in LockBit-based cyber attacks once every other threat actor has access to its source code.
With the advancements and features in the leaked LockBit 3.0 builder, many threat actors could launch new campaigns targeting multiple organizations using modifiable versions of the malware.