A public official claims that the latest version of LockBit's encryptor has been leaked to the internet, though it might initially appear to be a data breach or a theft.
Ali Qushji, a brand-new Twitter account, claimed that their server was raided by LockBit, and that they had found a builder for the LockBit 3.0 ransomware encryptor. Following the tweet, the malware source code library VX-Underground claimed they were contacted on September 10 with the same content.
The same source said that LockBitSupp, the public representative of the LockBit operation, confirmed that this was not the work of a hacking organization, but rather of a disgruntled developer who was not content with the administration of the ransomware operation.
Upset with leadership
"We reached out to a Lockbit ransomware organization when it came to this information," said VX-Underground, who later deleted the tweet. "They were outraged with Lockbit's leadership and leaked the builder."
BleepingComputer has since confirmed the authenticity of the leak, stating that the builder for the LockBit 3.0 encryptor, codenamed LockBit Black, was leaked. The version, which was in the testing phase for two months prior to June, included a number of new features, including anti-analysis, a ransomware bug bounty program, and new methods of extortion.
The leak of the builder does not only mean that anyone who gets infected with LockBit can now quickly decrypt the hijacked data. Other threat actors may also modify it into their own versions with ease, including altering several configuration options, the ransom note, and other details. While that might be detrimental to LockBit's operations, it also means that organizations may soon be confronted with an even greater number of ransomware strains.
This is not the first time an encryptor's source code has been leaked online. At the start of Russia's invasion of Ukraine, a hacker leaked the source code of Conti, a ransomware organization that publicly supported the invasion at the time.