A Dissatisfied Developer Leaked the LockBit Ransomware Builder to the Public

Written by William Reddy

Information security specialists have reported that the builder for the well-known LockBit encryptor has been published openly online. Apparently, the LockBit 3.0 builder was leaked by a dissatisfied developer or a competitor of the group.

Let me remind you that the LockBit hack group released version 3.0 of the LockBit malware in June 2022 and at the same time introduced its own ransomware bug bounty program, offering money to other attackers for interesting vulnerabilities. We also wrote that the new Bumblebee malware downloader became a replacement for BazarLoader for hackers.

This week, an information security researcher known as 3xp0rt reported that a recently registered Twitter user named Ali Qushji claims that he and his team hacked into the LockBit servers and discovered a LockBit 3.0 ransomware builder, which he hastened to leak to the public.

After that, another well-known information security expert, vx-underground, confirmed that on September 10 a user with the nickname protonleaks contacted them and also shared a copy of the same builder. At the same time, according to vx-underground, the official representative of the LockBit group (LockBitSupp) claims that there was no hacking at all, and that the private builder is being distributed by a hired developer dissatisfied with the leadership of the hack group.

Bleeping Computer asked several more information security specialists for their opinion, and they all confirmed that the builder is genuine.

Journalists warn that, regardless of the source of this leak, the publication of the LockBit 3.0 builder online is likely to increase the number of ransomware attacks. After all, the builder allows criminals to quickly create the executable files needed to launch their own campaign (including the encryptor itself, the decryptor, and specialized tools).

The tool consists of four files: an encryption key generator, the builder itself, a modifiable configuration file, and a batch file for building all files.

For example, the config.json file can be used to configure the ransomware, including changing the ransom note, changing configuration settings, listing which processes and services to terminate, and even setting the control server to which the malware will send data. That is, nothing prevents any attacker from tying the malware to their own infrastructure.

It must be said that this is far from the first major leak of source code associated with ransomware. For example, in 2021 the source code of the Babuk ransomware was leaked online, and in the spring of 2022 the source code of the Conti ransomware leaked.

About the author

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor.
