Someone has leaked the latest version of LockBit encryption online, and while it may seem like a data breach and theft at first, ransomware The public representative of the operator claims that it is actually the handiwork of a disgruntled developer.
A brand new Twitter account called Ali Qushji claimed that their team hacked LockBit’s servers and found the builder for the LockBit 3.0 cipher. The VX-Underground malware source code library followed up on the tweet, saying they had been contacted on September 10 by a user named “protonleaks” with the same content.
The same source also reported that LockBitSupp, the public spokesperson for Operation LockBit, confirmed that it was not the work of a hacking group, but of a disgruntled developer unhappy with the management of the ransomware operator.
Frustrated with management
“We reached out to the Lockbit ransomware group about this and found that the leaker was a programmer working for the Lockbit ransomware group,” VX-Underground tweeted (and later deleted the tweet). “They were upset with Lockbit’s management and issued a constructor.”
BleepingComputer has since confirmed the authenticity of the leak, saying it was the developer of the LockBit 3.0 cipher, codenamed LockBit Black. The version, which was in testing for two months until June, came with a number of new features, including anti-analysis, a ransomware bug bounty program and new extortion techniques.
The leak of the constructor does not mean that someone infected with LockBit can easily decrypt the stolen data. Instead, this means that other threat actors can easily compile their own versions by tweaking various configuration parameters, the ransom note, and other details. While this may hurt LockBit’s operations to some extent, it also means that organizations may soon encounter even more strains of ransomware.
This is not the first leak of the encryption source code to the network. At the start of Russia’s invasion of Ukraine, a hacker leaked the source code of Conti, a ransomware group that publicly supported the invasion at the time.
Via: BleepingComputer (opens in a new tab)