LockBit 3.0's builder was leaked by a disgruntled gang member, and other criminals have taken advantage of the windfall.
Update on LockBit ransomware and its place in the C2C market.
Cyber Security Works has published an analysis of the LockBit ransomware. LockBit is a ransomware-as-a-service offering whose affiliates opportunistically target large organizations around the world. The malware has gone through several iterations and improvements since it first appeared in 2019:
“LockBit is known for many of its unique characteristics - sophisticated technology, triple-extortion method, heavy marketing to affiliates, and high-severity cyber attacks. LockBit’s attack presence is seen globally, with intermediate breaks during which their ransomware technology has received superior upgrades. Their recent attack strategy and frequency make LockBit a formidable predator in the cyber realm and a determined adversary.”
The researchers note that the builder for the latest version of LockBit was recently leaked:
“In September 2022, an allegedly disgruntled developer leaked the builder for LockBit 3.0’s encryptor on Twitter. The developer was reportedly unhappy with the group’s leadership and leaked the private data. This is a blow to the ransomware group as the builder data allows anyone to start their own ransomware kit with an encryptor, decryptor, and specialized tools to launch the decryptor in certain ways.”
In other news about LockBit, researcher Vladyslav Radetsky reports that the Bl00dy gang has used the LockBit 3.0 builder, leaked last week, to deploy ransomware against targets in Ukraine.