Wednesday , October 30 2024

Lockbit 3.0 Builder Leaked: Anyone Can Blend Ransomware

It has come to the attention of researchers that the LockBit 3.0 builder has suffered from a leak, which now allows anyone to create various versions of the LockBit ransomware according to their own preferences. This poses a serious security risk that should not be taken lightly.

LockBit” is a ransomware-as-a-service (RaaS) group that has been active since September 2019. LockBit has developed several variants: LockBit 1.0, LockBit 2.0, LockBit 3.0, and LockBit Green.

Rented bank account used to illegal transection: 5 arrested

The Indian Cyber Crime Coordination Centre (I4C) has warned about illegal payment gateways set up by transnational cyber criminals using...
Read More
Rented bank account used to illegal transection: 5 arrested

Successfully held “InfoSecCon-2024″at Dhaka Bangladesh

With a festive look and the participation of more than one hundred participants from Bangladesh cyber industry, another successful cyber...
Read More
Successfully held “InfoSecCon-2024″at Dhaka Bangladesh

Bangladeshi hacker hack for girlfriend’s expenses; finally caught

Fazle Hassan Anik hacked girls' Facebook accounts to steal sensitive pictures, which he used to blackmail them for money. He...
Read More
Bangladeshi hacker hack for girlfriend’s expenses; finally caught

Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts

Bangladeshi Social media posts have raised concerns about unauthorized withdrawals from bank accounts, affecting at least 7 to 8 people...
Read More
Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts

Unprotected UN Database Exposes 228GB of Gender Violence Victims’ Data

Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 115,000 records linked to the UN Trust Fund to End Violence...
Read More
Unprotected UN Database Exposes 228GB of Gender Violence Victims’ Data

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability

Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being...
Read More
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability

Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

White hat hackers at the Pwn2Own Ireland 2024 contest by Trend Micro's Zero Day Initiative earned $500,000 on the first...
Read More
Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

Fortinet + Crowdstrike team on protection from endpoint to firewall

In today's rapidly changing cybersecurity environment, organizations encounter numerous complex threats targeting endpoints and networks. CrowdStrike and Fortinet have partnered...
Read More
Fortinet + Crowdstrike team on protection from endpoint to firewall

Sophos to Acquire Secureworks in $859M

Sophos, based in the UK, is to acquire Secureworks, a Nasdaq-listed company, for $859 million in cash from Dell Technologies....
Read More
Sophos to Acquire Secureworks in $859M

2nd time hacker breached Internet Archive

The Internet Archive was breached again, this time through their Zendesk email support platform, following warnings that threat actors had...
Read More
2nd time hacker breached Internet Archive

Lockbit 3, also known as Lockbit Black, was detected for the first time in 2019. Due to its complex architecture and encryption methods, it evades traditional scan engines.

Securelist’s investigation team, GERT, detected the intrusion attempt of the Lockbit 3 variant and shared the detailed report on their blog.

What is New in LockBit 3?

Lockbit Black is a highly complex ransomware variant with undocumented kernel-level Windows functions and strong protection against reverse engineering.

Many security experts confirmed the leakage of a builder for LockBit 3.0 in September 2022, and various groups started to abuse the builder.

Kaspersky’s protection system detected the lockbit threat as “Trojan.Win32.Inject.aokvy”.The techniques and intrusion attempts are identical to those of other ransomware groups listed by Kaspersky.

However, the ransom demand procedure was significantly different from the one that this threat actor was known to use. The attacker used a different ransom note with a title from the National Hazard Agency, a previously unknown group.

“The ransom note used in this case directly described the amount to be paid to obtain the keys and directed communications to a Tox service and email, unlike the Lockbit group, which uses its own communication and negotiation platform.”

ransom note

Many other threat groups started abusing exfiltrated builders to create their own ransomware notes and communications channels.

Kaspersky’s telemetry found 396 LockBit samples, 312 of which were generated using the leaked builder, and Ransom notes in 77 pieces that didn’t mention “LockBit.”

Check Also

Microsoft

Microsoft’s Alarming Report: 600 Million Cyberattacks perday

Cybersecurity threats have surged to extraordinary heights, as Microsoft’s latest Digital Defense Report reveals that …

Leave a Reply

Your email address will not be published. Required fields are marked *