[MART] - Daily Diary #600 - Lockbit Builder Leaked Online

ctas-mat at appgate.com ctas-mat at appgate.com
Thu Sep 22 21:28:35 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

09/22/2022 - Diary entry #600:

This week the builder of Lockbit 3.0 (the tool responsible for building and configuring Lockbit samples) was published on GitHub, under the repository "LockBit-Black-Builder". The leaked tools allow threat actors to quickly generate Lockbit samples while enabling optional features (like process killing and other parameters for the encryption) through a configuration file. The tool also comes with Lockbit decryptor, which can be used if in possession of the private key.

According to the Twitter account VX-Underground, which was contacted by the representative of Lockbit, the build was leaked by an unsatisfied member of Lockbit.

Lockbit 3.0, as covered in our Daily Diary #597, is by itself a fork of another ransomware family: BlackMatter, and the release of the builder will also allow other cybercrime gangs to build their own version of Lockbit - either by just rebranding the malware and ransom notes or by modifying the malware to their need.

On the other hand, with the builder, cybersecurity researchers can conduct more tests and analyze easily how Lockbit behaves - allowing the development of more robust protection mechanisms.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



MART

Malware Analysis and Research Team

Appgate

E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220922/b0197edf/attachment.htm>


More information about the MART mailing list