LockBit ransomware leaked online by angry developer

Someone has leaked the latest version of LockBit's encryptor online, and while it might seem like a leak and data theft at first, the ransomware operator's public representative claims that it is actually the work of a disgruntled developer.

A new Twitter account named Ali Qushji claimed that his team hacked into LockBit's servers and found a builder for the LockBit 3.0 ransomware encryptor. After the tweet, the VX-Underground malware source code library weighed in, saying that a user named "protonleaks" had contacted them on September 10 with the same content.

The same source also said that LockBitSupp, the public representative of the LockBit operation, confirmed that it was not the work of a group of hackers, but of a developer dissatisfied with the leadership of the ransomware operation.

Shaken by leadership

"We contacted the Lockbit ransomware group about this and found out that this leak was a programmer employed by the Lockbit ransomware group," VX-Underground tweeted (and later deleted the tweet). "They were upset with Lockbit's leadership and revealed the builder."

BleepingComputer has since confirmed the authenticity of the leak, stating that what was leaked is the builder for the LockBit 3.0 encryptor, codenamed LockBit Black. The release, which was in testing for two months through June, comes with a number of new features, including anti-scanning, a ransomware bug bounty program, and new extortion methods.

The builder's leak does not mean that anyone infected with LockBit can now easily decrypt their data. Instead, it means that other threat actors can easily compile their own versions, changing various configuration options, ransom notes, and other details. While this may harm LockBit's operations to some degree, it also means that organizations will soon be faced with an even larger number of ransomware strains.

This is not the first time that ransomware source code has been leaked online. At the beginning of the Russian invasion of Ukraine, a hacker leaked the source code of Conti, a ransomware group that publicly supported the invasion at the time.

Via: BleepingComputer