The leak of the LockBit builder raises concern among cyber experts

October 3, 2022

LockBit ransomware’s toolkit for creating custom payload versions leaked recently, alarming cybersecurity experts about the possibility of its widespread use in cyberattacks. The leaked LockBit 3.0 builder allows even low-skilled actors to create new versions of the ransomware.

The leak of this ransomware builder has been attributed to an allegedly angry affiliate of the threat group. However, this affiliate said that even though the builder has been leaked for public use, it is still improbable that it will be used to create or replicate what the original threat group does in its campaigns.

Despite these claims, several security experts are certain there is still a chance that other threat groups will build and customise their own payloads using the leaked LockBit 3.0 builder.

They also added that other ransomware operators could easily replace their payloads with rebranded variants of LockBit, which they can then use in ransomware campaigns.

The launch of LockBit 3.0 allowed the threat group to become one of the most prolific criminal groups in the threat landscape. In August this year, there were at least 68 documented victims of LockBit, including some damaging attacks against healthcare institutions and industrial systems across several countries.

The newest upgrade of the LockBit ransomware came with enhanced features that helped it encrypt compromised files more effectively than it originally could. Since this new version has been leaked online, other threat actors now have the chance to customise, configure, and generate executables to both encrypt and decrypt the targeted files.

Adding to the experts’ concern is their belief that anyone who holds the LockBit builder can start a full-fledged ransomware operation of their own. Nonetheless, the builder’s leak does not benefit only other threat groups: security researchers can also analyse and explore it, potentially gathering threat intelligence to combat ransomware campaigns.

The recent builder leak also gave security experts the chance to observe the workings of the LockBit group, enabling them to assess its internal procedures and learn that there are insider threats within the criminal organisation, a potential sign of disgruntlement within the group.
