LockBit ransomware leaked online by angry developer
Someone has leaked the latest version of LockBit’s encryptor to the internet, and while it initially looks like a data breach and theft, the ransomware operator’s public representative claims it’s actually the work of a disgruntled developer.
A brand new Twitter account called Ali Qushji claimed that their team hacked into LockBit’s servers and found a builder for the LockBit 3.0 ransomware encryptor. Following the tweet, the malware source code library VX-Underground said it had been approached on September 10 by a user called “protonleaks” with the same content.
The same source also said that LockBitSupp, the public representative of the LockBit operation, confirmed that this was not the work of a hacking group, but rather a disgruntled developer, dissatisfied with the ransomware operator’s leadership.
Angry with leadership
“We contacted the Lockbit ransomware group about this and found that this leaker was a programmer employed by the Lockbit ransomware group,” VX-Underground tweeted (then deleted the tweet). “They were angry with Lockbit’s leadership and leaked the builder.”
BleepingComputer has since confirmed the authenticity of the leak, saying that what was leaked is the builder for the LockBit 3.0 encryptor, codenamed LockBit Black. The version, which was in the testing phase for two months until June, came with a number of new features, including anti-analysis, a ransomware bug bounty program, and new extortion methods.
The builder leak does not mean that whoever gets infected with LockBit can now easily decrypt the hijacked data. Instead, it means that other threat actors can easily build their own versions by customizing various configuration options, the ransom note, and other details. While that could hurt LockBit’s operations to some degree, it also means organizations could soon be dealing with an even greater number of ransomware strains.
It’s not the first time an encryptor’s source code has been leaked online. At the beginning of the Russian invasion of Ukraine, a hacker leaked the source code of Conti, a ransomware group that publicly supported the invasion at the time.
Via: BleepingComputer